ISO 27001
From compliance burden to certification, in a focused programme fitted to your organisation.
I built the compliance core of Secured by FM CyberSecurity, and I have taken Norwegian SMBs from zero to certification-ready in roughly four weeks. ISO 27001 is a big job, but it does not have to be a slow one. What follows is the shape of a focused programme.
What we deliver
- Gap analysis against ISO 27001:2022
We walk the Annex A controls against today's operation and document which are missing, which exist informally, and which are ready for the auditor.
- Statement of Applicability
An SoA built on the real scope, with a written justification per control for inclusion or exclusion, not a template with your name pasted on top.
- ISMS documentation
Policies, procedures, and roles written for your organisation, not for the auditor. We own the template set and keep it alive between audits.
- Control implementation with technical owners
Every control gets a named customer-side owner and a concrete action plan, tied to the technical practices FM already operates.
- Internal audit and management review
We run the internal audit, document findings, and prepare the management review so the minutes are ready before the certification auditor arrives.
- A GRC tool that keeps controls alive
We set up Kertos or ServiceNow GRC so evidence accrues continuously, not as a panic sprint the week before the auditor shows up.
How we deliver this service
- In a project
A certification programme with a fixed scope, from gap analysis through the certification audit.
- As part of a service
Included in the Secured by FM CyberSecurity bundle with a certification guarantee, a refund if the main audit does not pass within the agreed window.
- In a role at the customer
An ISMS owner as a dedicated seat inside your organisation when the controls need to live on after certification.
Recent insights on ISO 27001
- What the EU Cyber Resilience Act is, and who it covers
The CRA is an EU law that ties cybersecurity rules to CE marking, so a product with digital elements cannot enter the EU market without it.
- What ISO 27001 Lead Implementer certification means for your project
An ISO 27001 Lead Implementer builds your ISMS; a Lead Auditor checks it. Hire the wrong role and your certification project stalls.
- From compliance burden to competitive advantage
How leadership teams move from compliance uncertainty to documented control, evidence that holds up under investor, customer, or regulatory due diligence.