Implementing ISO 27001

This sought-after certification is becoming almost mandatory for organisations that have an online focus and manage customer data.

ISO 27001 is the international standard for information security management. It sets out the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS).

The team at Cyber21 has a track record of successful implementations and of transitioning existing certifications to new versions of the standard (e.g. the 2022 version).

We have the skills, the experience and an ISO 27001 toolkit that together let us fast-track your implementation. We also set up an ISO 27001 management environment within Microsoft Teams.

Fast and efficient implementation services

Are you struggling to manage your existing ISO 27001 certification?

Cyber21 offers a compliance management service that reduces your cost and your compliance management overhead.

Outsource your compliance management to Cyber21

Our team will review your ISMS and take on the overhead of continual improvement and internal auditing.

Something to think about?

"People think compliance is a burden. However, with ISO 27001 it provides a positive benefit to your security posture and to how customers perceive your business."

Schedule a call to discuss ISO 27001 implementation

Let's get the conversation started. We would like to discuss your requirements and how best we can assist you in implementing ISO 27001.

How do we approach implementation?

Pragmatism is key

Cyber21 takes a practical approach to implementing ISO 27001. We want our customers to clearly understand the benefits of the standard rather than feel it is a burden on their operations.

We quickly establish the gaps between your current controls and processes and those required by ISO 27001. We then focus the implementation on bridging those gaps in a way that is cost-effective and efficient.

A pragmatic approach lets us identify solutions based on our years of experience and our willingness to keep things simple.

How long does it take and what does it cost?

We offer cash flow friendly options

Implementation takes months, not weeks, and we always tell our clients so. We frequently see advertisements from competitors making unrealistic claims such as "we will get you certified within a month."

We are upfront about this. For most organisations, implementing ISO 27001 requires not only technical changes but also changes to the day-to-day operations of the business.

We are here to guide our customers through that change management exercise, and we normally estimate that implementing ISO 27001 will take at least six months.

The cost varies significantly depending on the size of the business, the number of locations and the current state of the security controls already in place. Our costs are simpler to predict, however, and we are able to offer you a fixed-price proposal. Note: we are offering a 10% discount on all orders placed before the end of June 2025.

To keep the engagement cash flow friendly, we offer our customers a monthly payment plan that spreads the cost of the implementation over its whole duration.

What are the implementation steps?

Our implementation approach follows the steps below:

  1. Gap analysis – we review the current security controls and assess how they align with the requirements of ISO 27001. Closing the identified gaps may involve adjusting existing controls and implementing new ones aligned to the standard. Once the analysis is complete, we establish a tailored ISO 27001 working environment within Microsoft Teams. Note: if required, we can also work within an existing tool.
  2. Statement of Applicability (SoA) – the next logical step is to design the SoA so that it meets the needs of the organisation. We document how each applicable control will be implemented and record the justification for any controls that are excluded as not applicable.
  3. Implementation planning – we agree a suitable implementation plan with the organisation so that it can be achieved alongside existing workloads and within the available investment.
  4. Governance establishment – we set up the governance needed to manage the implementation of an Information Security Management System (ISMS). This usually takes the form of an Information Security Working Group (ISWG).
  5. Documentation development – we use our ISO 27001 toolkit to fast-track the development of the policies, procedures and other artefacts required by the standard.
  6. Technical controls delivery – we work with your IT team (or managed service provider) to implement the necessary technical controls (e.g. threat detection, data loss prevention).
  7. Change management – we provide advice and guidance on embedding the new working practices that the controls require, so that conformity with the standard can be demonstrated in time for certification.
  8. Internal audit – we conduct a pre-certification internal audit to assess your level of conformity with the standard, ensure that any non-conformities are rectified and that identified improvements are implemented.
  9. Certification support – we are available to support you during the external audit undertaken by the certification body.

Interested in our ISO 27001 implementation services?
