ISO 27001 Consulting

Simple. Effective. Affordable.

Our strategy is to keep things simple and easy

Simplify your security, Amplify your protection

Our consultations are designed to provide you with simple, effective, and affordable solutions that simplify your security measures while amplifying your protection.

We provide a full set of services across the entire ISO 27001 standard. These range from assessment, implementation, and certification to ongoing management of the cyber security controls and certification, to proactively manage, monitor, and maintain your ISMS and ensure consistent conformity to ISO 27001.

Whether you need to manage a fresh ISO implementation, or simply maintain your existing compliance, I'll guide you down a hassle-free path to keep your regulators happy. 

We will work with you one-on-one to assess your current security measures, identify vulnerabilities, and develop a tailored plan to achieve and maintain compliance.

Description of Our Services

Choose the level of engagement

Claim your 100% FREE no-obligation 40-minute strategy session call.

We will answer your burning questions and show you how you can achieve ISO 27001 certification faster and cheaper.


Are you considering compliance or certification?

To achieve ISO 27001 compliance or certification, you’ll need an Information Security Management System or ISMS. There are many different ways of creating one.

ISO 27001 compliance is about implementing and adhering to the requirements of the standard, while ISO 27001 certification is a formal process of assessing and verifying an organization's compliance with the standard by an independent third-party certification body.

To create a successful ISMS, you’ll need to balance people, knowledge, and technology. We make that easy with our simplified, secure, sustainable implementation Methodology and Templates. It speeds up ISO 27001 implementation and simplifies ongoing ISMS management.

One of the key features of ISO 27001 is that it is risk-based. The implementation of controls (technical measures, policies, processes, etc.) is not prescriptive but is determined by an information risk assessment taking into account your risk appetite and the information you are seeking to protect.

What is ISO 27001?

ISO 27001 is an internationally recognized standard for information security management. It provides a framework for organizations to establish, implement, maintain, and continually improve an information security management system (ISMS). This helps businesses protect their sensitive information and manage risks effectively.

What is an ISMS?

An ISMS, or Information Security Management System, is a set of policies, procedures, and controls designed to manage an organization’s information security risks. It encompasses the people, processes, and technology involved in protecting and securing sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.

Why do startups need ISO 27001?

How long does it take to prepare for an ISO certification?

The time required to prepare for an ISO certification depends on various factors such as the organization’s size, complexity, existing security measures, and level of readiness. Typically, the preparation process can take several months to a year. It involves conducting a risk assessment, implementing security controls, documenting policies and procedures, and performing internal audits. With our methodology, cloud-native SMEs with standard complexity and around 50 employees need a maximum of 6 months.

How does the pricing work?

All contracts run for 12 months. You can pay monthly or upfront for one year. Additional consultation can be requested and offered. The regular consultation rate is 185€/h. The monthly packages are price-optimized and calculated based on the complexity and size of your company.

How much does an ISO 27001 certification cost?

The initial audit consists of a stage 1 (document and readiness check) and a stage 2 (main assessment) audit, which is split up into two phases. After the audit, a report is created and you pay a fee for the certificate license. After the initial audit and certification, a surveillance audit is conducted annually, which is shorter in duration and cheaper. After a three-year period, you start with the so-called recertification audit.

The costs of certification mainly depend on the number of people (FTE) working in the scope of the ISMS, the complexity of the organization’s processes, its IT landscape, and the industry. Note that these pricing ranges are approximate and can vary based. To provide you with an accurate quote, we need to gather more details about your requirements.

SimpleInfoSec: Where Compliance Meets Competence