ISO · Advisory Service Components

For organizations building or maturing an information security management system with internal capability and external expertise needs

Most consultancies hand you templates populated with generic language and expect your team to figure out the rest. We build your complete ISMS: policies, procedures, risk assessment methodology, Statement of Applicability, internal audit program, and the operational processes that make certification sustainable. Your team focuses on implementation and operations. We architect the management system.

  • The Management System Audit: For organizations evaluating ISO 27001 certification readiness. A technical assessment of your current security posture against Annex A controls, your existing documentation against Clause requirements, and your operational practices against what auditors actually evaluate. You receive a comprehensive roadmap showing exactly what it takes to reach certification, with remediation priorities mapped to certification risk.
  • Phase 0: Architecture Discovery: For organizations committed to the full certification journey. Accelerated discovery that bypasses standalone gap analysis and flows directly into ISMS build. No assessment report gathering dust while you figure out next steps. We produce foundational artifacts (Context of Organization, Interested Parties Register, preliminary scope definition) and immediately begin architecture.
  • ISMS Advisory: The core build. We create your complete information security management system: policies aligned to your organizational context, procedures that reflect actual operations, risk assessment methodology your team will follow, Statement of Applicability with implementation evidence, internal audit program designed to find real issues, and management review processes that drive decisions. Documentation that describes your security program, not a theoretical framework you're supposed to map yourself to.
  • Sentinel: Certification Support: We stay through certification. Stage 1 documentation review preparation, evidence organization, auditor question response, Stage 2 interview support, and nonconformity remediation coordination. The engagement ends when you have your certificate, not when our SOW expires.

Every deliverable is custom-written for your organization. Zero templates. Zero generic language. ISMS documentation your security team can actually use for operations, onboarding, and the surveillance audits that follow certification. When registrars review our packages, evidence traces cleanly, procedures match reality, and interviews don't surface surprises.

Includes:

  • Gap Assessments against 27001/27017/27018
  • Phase 0 Architecture Discovery
  • Information Security Policy Suite
  • Risk Assessment Methodology & Risk Treatment Plans
  • Statement of Applicability (SoA)
  • Procedures & Work Instructions
  • Internal Audit Program Design
  • Management Review Framework
  • Sentinel Certification Support