ISO/IEC 27001 Implementation and Assurance
Gap-to-certification programmes that auditors recognise.
Senior-led ISO/IEC 27001:2022 implementation, internal audit and external certification support. Designed around the 2022 control set and the senior judgement that survives a Stage 2 audit. Most clients reach Stage 1 readiness in 4–6 months.
02 Typical triggers
When this service is on the desk.
- 01 Customer questionnaire requires ISO 27001 evidence
- 02 Tender or RFP gating on certification
- 03 Recertification cycle approaching
- 04 Existing ISMS failing internal audit
- 05 Acquirer requirement post-deal
03 Typical outputs
Artefacts that earn the audit, the customer or the board.
- Scoping document and management system
- Statement of Applicability with risk-linked controls
- Risk treatment plan and risk register
- Control evidence pack and walkthrough notes
- Internal audit programme and management review pack
04 Engagement shapes
Three ways the engagement is typically scoped.
SHAPE 01
Gap-to-cert
4–9 month programme through Stage 1 + Stage 2 audit.
SHAPE 02
Maintenance
Annual retainer covering surveillance, evidence, and continual improvement.
SHAPE 03
Recertification
Targeted 3-month uplift for the three-year recertification.
DELIVERED BY
Paul Jolliffe
FOUNDER · INFOSECAI · MBA · CISSP · ISO 27001:2022 LA / LI / IA · PRINCE2 Practitioner
Twenty years of senior security leadership across financial services, healthcare, government, telecoms and technology. Engagements are senior from day one: no subcontracted juniors, no introduce-and-exit.