ISO-27001 Certification & Compliance Consulting

Service Tiers

Foundation – Oversight Only

Ideal for organisations with an internal project lead who want independent ISO‑27001 expertise to keep implementation on track.

Independent review of ISO‑27001 project progress
Regular check‑ins (monthly or quarterly) with management and project teams
Early identification of gaps, risks, and non‑conformities
Guidance on prioritising corrective actions to avoid certification delays
Advisory support on interpretation of ISO‑27001 requirements
Review of ISMS documentation for accuracy and completeness
Strategic recommendations to keep the project aligned with business objectives
Preparation tips for certification audits based on real‑world audit experience
Support in aligning project timelines with certification body requirements
Advice on engaging and managing third‑party suppliers during implementation
Recommendations for embedding ISO‑27001 processes into business-as-usual operations

Partner – Assisted Deployment

Best for organisations with capable internal resources who want a joint management, structured framework, expert guidance, quality assurance throughout the ISO‑27001 journey.

Jointly managed ISO‑27001 implementation with a clear division of responsibilities
Tailored project plan with defined milestones and deliverables
Access to proven ISMS templates, policies, and procedures
Training sessions for your team on ISO‑27001 requirements and control implementation
Ongoing review and refinement of ISMS documentation
Guidance on applying Annex A controls to your specific business context
Support in conducting risk assessments and preparing the Statement of Applicability
Regular quality checks to ensure work meets certification standards
Advice on resolving findings from internal audits or pre‑certification reviews
Progress reporting to senior management or the board

FullScope – Hand‑Held Deployment

Designed for organisations that want an expert to take full responsibility for the ISO‑27001 project, delivering everything from initial analysis to certification readiness.

Complete project ownership from day one to certification
Initial gap analysis and readiness assessment against ISO‑27001 requirements
Development of a tailored ISMS framework and full documentation set
Comprehensive risk assessment and Statement of Applicability creation
Implementation of both technical and procedural Annex A controls
Staff awareness training to ensure understanding and adoption of the ISMS
Coordination with internal teams, external suppliers, and the certification body
Internal audit programme delivery prior to certification
Detailed pre‑certification readiness review to address any gaps
Full support during Stage 1 and Stage 2 certification audits
Post‑certification handover and guidance for ongoing ISMS maintenance

Assure – Ongoing Management & Audits

Ideal for organisations that have achieved ISO‑27001 certification and want to maintain compliance, continually improve their ISMS, and prepare for surveillance or recertification audits with minimal disruption.

Annual internal audit programme covering all ISO‑27001 clauses and Annex A controls
Scheduled surveillance audit readiness checks to identify and address potential issues early
Regular updates to ISMS documentation to reflect organisational or regulatory changes
Ongoing risk assessment reviews and updates to the Statement of Applicability
Monitoring of control effectiveness with recommendations for improvements
Facilitation of annual management reviews in line with ISO‑27001 Clause 9.3
Incident response testing and refinement of procedures based on lessons learned
Advisory support for integrating new technologies, processes, or business changes into the ISMS
Liaison with certification bodies during surveillance or recertification audits
Staff refresher training and awareness updates to ensure continued engagement
Quarterly or bi‑annual reporting to senior leadership or the board on ISMS performance

Why Choose This Approach

Choosing the right partner for ISO‑27001 and information security management can mean the difference between a smooth, efficient certification process and one that drags on, disrupts operations, and costs more than it should.

We offer:

Board‑Level Insight – Strategic understanding of how ISO‑27001 fits into your organisation's broader goals and risk profile.
Proven Experience – Nearly two decades in technology leadership, including founding, growing, and selling a successful IT Managed Service Provider.
Practical Implementation – Solutions that meet ISO requirements without unnecessary bureaucracy or over‑engineering.
Flexible Engagement – Four service tiers, from oversight to full delivery, tailored to your capacity and budget.
End‑to‑End Capability – Governance, risk management, technical control implementation, and documentation support in one place.
Audit Expertise – Hands‑on experience preparing for and managing internal, supplier, and certification audits.
Sustainable Outcomes – Embedding ISO processes into day‑to‑day operations so compliance is maintained, not just achieved.

Our Process

A structured, proven approach to achieving ISO‑27001 certification and managing your ISMS effectively.

Discovery & Gap Analysis
- Assess your current position against ISO‑27001 requirements
- Identify gaps, risks, and areas for improvement
ISMS Planning & Documentation
- Develop the framework, policies, and procedures needed for compliance
- Tailor documentation to your organisation's size, industry, and risk profile
Control Implementation
- Deploy technical, procedural, and organisational Annex A controls
- Ensure measures are practical, effective, and embedded into operations
Internal Audit & Readiness Review
- Conduct internal audits to verify conformity with ISO‑27001
- Address any findings before the certification body's audit
Certification & Beyond
- Support through Stage 1 and Stage 2 certification audits
- Ongoing ISMS management and continual improvement where required

ISO-27001 Certification Made Practical

About Dave Devery