Service

Information Governance (ISO 27001)

Implementation and internal audit support that helps organisations build, improve and maintain an effective ISO 27001 ISMS.

Implementation and internal auditing packages support organisations throughout the ISO 27001 journey. Continuous improvement sits at the centre of the service, with lead auditors providing actionable guidance that strengthens the Information Security Management System and improves readiness for external scrutiny.

We help clients establish robust governance foundations, review current controls, prepare for audit and maintain conformance in a practical way that fits real operations.

Overview

ISO 27001 consultancy built for practical implementation, internal audit and continuous improvement

From early-stage implementation to audit preparation, we help organisations understand requirements, strengthen controls and build an ISMS that is practical to maintain.

Consultancy services

Support is structured around the two core service areas defined in the client draft.

Internal Audit

The ISO 27001 Lead Auditors conduct an internal audit over a typical two-day period, reviewing clauses, controls and how effectively the ISMS is maintained before external audit.

  • Internal audit
  • Conformance
  • Findings report

Implementation

We help organisations establish a compliant ISMS from the ground up, guiding understanding, documentation, early action planning and future certification preparation.

  • ISMS build
  • Implementation
  • Certification journey

ISO 27001 delivery process

Both implementation and internal audit follow a structured engagement model that clarifies expectations, documentation needs and reporting outcomes.

Initial call and stakeholder alignment

An initial call confirms scope, relevant stakeholders and the current information security posture or ISMS maturity.

Pre-engagement review and planning

Audit plans, points of contact and relevant documentation are reviewed ahead of workshop or interview days.

Delivery days

Workshops and interviews cover ISO 27001 requirements, implemented controls, current documentation and organisational adoption.

Reporting and follow-up

Reports are delivered within 3 working days and can be followed by agreed support, additional documentation guidance and 30-day catch-up activity.

Internal audit

The internal audit service is designed to help organisations prepare for external audit and maintain conformance with ISO 27001.

  • An initial call confirms the relevant stakeholders for the organisation's ISMS.
  • An audit plan is issued, confirming points of contact and requesting relevant documentation such as the Information Security Policy and Information Security Objectives.
  • Day one focuses on interviews covering the clauses of ISO 27001 and review of the organisation's ISMS.
  • Day two reviews implemented controls and includes interviews with a small employee sample to assess adoption across the organisation.
  • A report is delivered within 3 working days confirming agreed nonconformities and observations.

Implementation

The implementation service helps organisations establish a robust and compliant ISMS aligned to ISO 27001 and ready for future certification.

  • An initial call is used to understand the current information security posture and objectives.
  • Relevant pre-engagement information such as existing policies or documentation is reviewed before scheduled interview days.
  • Day one covers an overview of ISO 27001, review of current documentation and security practices, and creation of initial actions to begin implementation.
  • Day two provides agreed actions, requested documentation and optional templates where they do not already exist.
  • A list of external auditors that our partners have worked with can be supplied, along with additional agreed support.
  • A report is delivered within 3 working days detailing current gaps and agreed actions.
  • A catch-up call is provided after 30 days to review progress and determine if further consultancy is required.

Planning ISO 27001 implementation or audit preparation?

Tell us where you are in the journey and we will scope the right consultancy support.
