ISO 27001 is not as complicated as you think
You need the certification. We've done this 100+ times
You'll Receive:
- Certification-ready ISO 27001 ISMS with complete policies, procedures, and governance framework
- Comprehensive security documentation aligned to ISO 27001:2022 across all 93 Annex A controls
- Risk-based implementation roadmap with prioritized controls and clear accountability structure
- Operational governance framework ready for internal audits and external certification assessments
Get the certification
Our cascading process ensures you are supported at every step
ASSESS
Through a gap analysis we evaluate the tasks required to comply with the criteria
- Gap analysis
- Identify stakeholders
- Conduct interviews
- Collect data
PLAN
We establish with you the roles and responsibilities, define objectives, and establish a risk management process
- Establish roles & responsibilities
- Define objectives & priorities
- Perform risk management
- Create project plan
IMPLEMENT
We produce all required documentation and help you implement security measures
- Produce required documentation
- Implement security processes
- Communicate
OPERATE: Run the implemented measures, monitor and improve, track issues and progress
AUDIT: We establish with you the audit program and provide you with experienced auditors
CERTIFY: We support you in the selection of certification bodies and during the process
Not sure if this service is right for you?
Take our quick quiz to find your perfect compliance solution based on your industry, company size, and specific needs.

Meet Your Compliance Experts
Swiss-trained professionals with decades of combined experience in regulatory compliance, risk management, and strategic advisory

Henri HAENNI
Expert in Business Continuity, Risk Management and Information Security Governance
ISO 27001 Lead Implementer & Auditor • ISO 37301 Lead Implementer • ISO 31000 Lead Risk Manager • Sorbonne University Paris 1 Lecturer

Alexis HIRSCHHORN
Expert in Information and Cyber Security, Cloud Security, Risk Management and Governance
ISO 27001 Lead Auditor • CISSP® Certified • ISO 42001 Lead Implementer • PECB MS Certifying Auditor

Laura Menétrey
Data Protection & Information Security Legal Expert
LLM in Data Protection Law • Certified GDPR Practitioner • Information Security Laws (NIS2, DORA) • Privacy Law Specialist

Jean MUNYARUGERERO
Information Security & Business Continuity Trainer
ISO 27001 Lead Implementer • CISM® Exam Bootcamp • ISO 27005 Risk Manager • NIST Cybersecurity Professional
Trusted by Leading Organizations
Real results from real clients who transformed their compliance operations
Frequently Asked Questions
Everything you need to know about this service
Because we do this full-time and you're not our first rodeo. We have templates, we know which controls matter most, we have relationships with certification bodies. Most companies take 18+ months because they're figuring it out as they go. We're not. That said: 2-3 weeks to documentation assumes your security controls are mostly in place. If your infrastructure is a mess, it'll take longer. We'll tell you honestly on the first call.
You don't fail a certification audit. Here's what actually happens: The auditor conducts the audit and may identify findings - these are things that need to be addressed or improved. We work with you to fix these findings, typically within 30 days. Once the findings are resolved and evidence is provided, certification is granted. Findings are normal and expected - they're opportunities to improve your ISMS before certification. We've done this 100+ times, and every client has received certification after addressing findings.
It depends on what you already have. ISO 27001 doesn't require specific tools—it requires specific controls. We'll assess your current security infrastructure first. Common gaps we typically find include: No MFA (need to add), no vulnerability scanning (need to add), no centralized logging (need to add), no SOC (Security Operations Center), no threat intelligence, poor Identity and Access Management, and no Supplier Risk Management. Don't worry—we've got you covered on all of this with our solutions. We'll help you implement the necessary controls using your existing tools where possible, or recommend cost-effective solutions where gaps exist.
You can absolutely maintain it yourselves. We'll train your team on what needs to happen quarterly/annually. Some clients want us to stick around for surveillance audits, some handle it internally. Ongoing support is optional, not required.
Stage 1: Auditor reviews your documentation remotely or on-site. Looking for completeness, proper structure, policy coverage. Stage 2: Auditor comes on-site (or virtual), interviews your team, reviews evidence, tests controls. They're looking to confirm the management system is in place and is operated successfully. Certification decision comes within a few days with our selected Certification Bodies.
Yes. Cloud-only is actually easier in some ways—fewer physical security controls to implement. We've certified fully remote companies, cloud-native startups, and distributed teams. The controls are the same, the implementation just looks different.
We complete implementation in 10-12 weeks. After that, your ISMS needs to be operational for a minimum period before certification audit - most certification bodies require at least 3 months of demonstrated operation. This allows us to:
- Conduct a thorough internal audit (Week 9-11)
- Collect evidence of controls actually working
- Complete management reviews
- Fix any issues before the real audit
Total realistic timeline: 4-6 months from kickoff to certification - compared to the industry standard of 18+ months when companies try to figure this out themselves.
Ready to Transform Your Compliance?
Let's discuss your specific needs
Response within 2 hours • Free 30-min consultation • No commitment required