ISO 27001 Consulting
Simple. Effective. Affordable.
Our strategy is to keep things simple and easy
Simplify your security, Amplify your protection
Our consultations are designed to provide you with simple, effective, and affordable solutions that simplify your security measures while amplifying your protection.
We provide a full set of services across the entire ISO 27001 standard. These range from assessment, implementation and certification to the ongoing management of your cyber security controls and of the certification itself: we proactively manage, monitor and maintain your information security management system (ISMS), ensuring consistent conformity to ISO 27001.
Whether you need to manage a fresh ISO 27001 implementation or simply maintain your existing compliance, we'll guide you down a hassle-free path that keeps your regulators happy.
We will work with you one-on-one to assess your current security measures, identify vulnerabilities, and develop a tailored plan to achieve and maintain compliance.
Description of Our Services
- ISO 27001 Gap Analysis & Scoping
- ISO 27001 Risk Assessment
- ISO 27001 ISMS Management System
- ISO 27001 Annex A Controls
- ISO 27001 Policy Writing
- ISO 27001 Internal Audit
Choose the level of engagement
- Ad-hoc hours or days to cover a few specific areas
- Weekly or monthly meetings to keep the project moving
- Documentation writing to speed up the process
- A fully managed project to get you to certification fast
Claim your 100% free, no-obligation 40-minute strategy session call.
We will answer your burning questions and show you how you can achieve ISO 27001 certification faster and more cheaply.
FAQ
Are you considering compliance or certification?
What is ISO 27001?
ISO 27001 is an internationally recognized standard for information security management. It provides a framework for organizations to establish, implement, maintain, and continually improve an information security management system (ISMS). This helps businesses protect their sensitive information and manage risks effectively.
What is an ISMS?
An ISMS, or Information Security Management System, is a set of policies, procedures, and controls designed to manage an organization’s information security risks. It encompasses the people, processes, and technology involved in protecting and securing sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.
Why do startups need ISO 27001?
Better to be prepared than reactive – whether your customers or VCs ask you to prove your security status, or you simply want to be prepared against cyber-attacks.
A proper implementation protects you from GDPR fines (which can be up to 4% of your annual turnover).
Data losses not only lead to contractual penalties but also to loss of reputation, loss of sales, or the complete discontinuation of business operations.
Easy integration – an ISMS can be integrated easily into young companies, as they are more flexible during their growth phase.
Transparency and improvement – during the ISO 27001 implementation project, organizations learn where they have not been adequately protected in the past.
Follow a comprehensive security framework – ISO provides clear guidance and improves the maturity of security-relevant processes right from the beginning.
Better sales – certified young companies have a competitive advantage over competitors that do not hold the certification.
Show what you've got – the certificate provides simplified assurance and is accepted internationally as proof of information security.
Clean up and enable – young companies are often less regulated: employees use their own private notebooks, cloud tools of their choice, and other shadow IT for business-relevant activities. The standard helps you identify, evaluate and reduce these risks without restricting the dynamics of the company.
Get your investment – investors look closely at the due diligence (including the information security strategy) of startups. ISO 27001 helps you meet these demanding requirements proactively.
Learn from the best – feedback from industry experts (e.g., auditors) allows you to discuss best practices and your current challenges.
Save money – cost savings are measurable, e.g. for incident cases.
How does the pricing work?
All contracts run for 12 months. You can pay monthly or upfront for one year. Additional consultation can be requested and offered; a regular consultation hour is charged at 185 €/h. The monthly packages are price-optimized and calculated based on the complexity and size of your company.
How much does an ISO 27001 certification cost?
The initial audit is split into two stages: stage 1 (document and readiness check) and stage 2 (main assessment). After the audit a report is created and you pay a fee for the certificate licence. After the initial audit and certification, a surveillance audit is conducted annually; it is shorter in duration and cheaper. After a three-year period, the so-called recertification audit starts the cycle again.
The cost of certification depends mainly on the number of people (FTE) working within the scope of the ISMS, the complexity of the organization's processes, its IT landscape, and the industry. Note that pricing ranges are approximate and can vary. To provide you with an accurate quote, we need to gather more details about your requirements.
SimpleInfoSec: Where Compliance Meets Competence