ISO 27001:2022

ISO 27001 that actually reduces risk

From gap analysis to certification audit — an ISMS your team actually uses, not a binder on the shelf. Annex A 2022 (93 controls) fully covered.

Who is it for?

  • SaaS companies selling to enterprise
  • Companies bidding for public tenders
  • Organisations preparing for NIS2 / DORA
  • Subsidiaries of international groups
  • Fast-growing scale-ups

What you get

Outcomes

Gap analysis vs. ISO 27001:2022

Every clause (4–10) and every Annex A control (93) mapped to your current controls.

ISMS design

Scope, policies, Statement of Applicability, risk register, risk treatment plan, performance metrics — written for your organisation, not a template.

Internal audit program

We run your first internal audit, train your internal auditors and leave you with a repeatable program.

Management review

We prepare the management review pack and run the first review with your board.

Certification audit support

We attend the Stage 1 and Stage 2 certification audits with you. 100% first-pass certification rate.

Ongoing ISMS maintenance

Surveillance audits, annual risk reviews, new controls, regulator updates — keep the ISMS alive.

How we work

ISO 27001 implementation in 5 phases

  1. Gap analysis

     Interviews, document review, technical sampling. Report with gaps, effort and priorities.

  2. Scope & policies

     ISMS scope, information security policy, topic-specific policies (access control, cryptography, incident management, supplier management, etc.).

  3. Risk management

     Risk assessment methodology, risk register, risk treatment plan, Statement of Applicability.

  4. Operation & evidence

     Operate the ISMS for 3+ months, collect evidence, train employees, run the internal audit and management review.

  5. Certification audit

     Stage 1 (documentation review) + Stage 2 (operational audit). We attend both with you.

FAQ

Frequently asked questions

How long does ISO 27001 implementation take?
Typically 6–9 months from kickoff to certification audit. Fast-track (4 months) possible for smaller organisations with good baseline controls.

Which certification body should we choose?
Any accredited body (BSI, DNV, TÜV, DEKRA, Bureau Veritas, etc.). We help you shortlist based on your geography, industry and budget.

What is the difference between ISO 27001:2013 and :2022?
Annex A restructured from 114 to 93 controls, 11 new controls added (threat intelligence, cloud security, secure development, data leakage prevention, etc.). We migrate you if you are still on :2013.

Does ISO 27001 cover NIS2?
Roughly 60–70% of NIS2 Art. 21. We do a delta analysis and fill the rest.

How is it billed?
Fixed-price per phase. The certification audit is paid directly to the certification body. Book a consultation for a concrete proposal.

Start your ISO 27001 journey

A 30-minute call in which we scope the work and propose a realistic timeline and cost.