Security incident? Call: +48 732 059 711
ISO 27001:2022

ISMS that actually protects your company's information

We deploy an Information Security Management System from scratch to certification. Gap analysis, policies, risk registers, internal audits, and certification support.

For whom?

  • IT firms, SaaS, and software companies — enterprise client requirement
  • Data processors (payment processors, BPO, contact centers)
  • Enterprises bidding for public contracts and procurement
  • Subsidiaries of international groups with compliance requirements
  • Organizations preparing for NIS2, DORA, or GDPR

What you receive

Implementation outcomes

ISO 27001 gap analysis

Detailed assessment of current security maturity, mapped to all 93 controls with prioritization and effort estimates.

Statement of Applicability

Document scoping your ISMS — which controls are relevant and why. Justification for each exclusion.

Security policies and procedures

Complete set of 14 policies per ISO 27001: user, access, cryptography, incident, continuity, supplier, etc.

Risk and control register

Threat mapping, risk assessment (likelihood × impact), control identification, register format for auditors.

Internal audit program

We conduct the first audit, train your auditors, and leave a repeatable annual audit plan.

Certification audit support

We participate in Stage 1 (document review) and Stage 2 (operational audit). Hundreds of certifications supported.

How we work

ISO 27001 implementation in 5 phases

  1. Gap analysis

    Business and IT interviews, document review, technical testing. Report mapped to 93 controls with prioritization.

  2. ISMS design

    Define ISMS scope, organizational context, stakeholders. Security policy and objectives definition.

  3. Control implementation

    14 policies, procedures, RACI matrices, staff training. Technical deployment (infrastructure, tools, monitoring).

  4. Internal audit and management review

    Full internal audit cycle, management review, corrective actions. ISMS maturity verification.

  5. Certification readiness

    Stage 1 (auditor document review), non-conformance closure, Stage 2 (operational audit). Certificate receipt.

FAQ

Common questions

How long does ISO 27001 implementation take?
Typically 6–12 months from start to certification audit. Depends on org size, ISMS scope, and current control maturity.
Does ISO 27001 cover technical and organizational controls?
Both. ISO 27001 requires organizational controls (policies, training) and technical controls (encryption, firewall, backup, monitoring).
How many of the 93 controls do we need to implement?
Depends on ISMS scope and risk. Typically 40–70 controls. Rest can be excluded with justification in SoA.
Do you support ISO 27001 alongside NIS2 or DORA?
Yes. ISO 27001 is the foundation — NIS2, DORA, GDPR build on it. One implementation meets multiple requirements.
What's the difference between Stage 1 and Stage 2?
Stage 1: auditor reviews documentation. Stage 2: auditor visits, tests controls on-site.

Start ISO 27001 implementation

30-minute consultation: we assess your ISMS and propose a certification timeline.