Custodia Continuity

ISO 27001 Readiness

We prepare your organisation for ISO 27001 certification — properly, practically, and without unnecessary consultancy costs.

Ready to certify, not just ready to pay.

Preparation That Actually Works

ISO 27001 certification is increasingly demanded by larger clients, supply chains and public sector procurement. But the certification process itself can be expensive, drawn out and full of consultancy fees that do not actually improve your security posture.

Custodia does not certify — we prepare. We do the practical work that makes your organisation genuinely ready for certification, so that when you do engage a certification body, the process is straightforward and the outcome is not in doubt.

This approach is more effective and significantly less costly than paying a certifier's consultancy rates to tell you what needs fixing. We fix it first, then you certify.

What We Do

  • Gap analysis — we assess your current security controls against the full Annex A control set and identify exactly what needs to change
  • ISMS documentation — we build your Information Security Management System documentation, including policies, procedures and the Statement of Applicability
  • Risk assessment framework — we establish a practical risk assessment process that works for your organisation, not a template copied from a textbook
  • Technical controls — we implement the technical security measures your ISMS requires, because we are a managed security provider, not just a document writer
  • Staff awareness — we train your team on their responsibilities within the ISMS so they understand what is expected of them
  • Internal audit — we conduct a thorough internal audit before you engage a certification body, so there are no surprises

Certification bodies charge significant fees for their time. Our approach is simple: we do the work upfront, at our rates, so the certification body finds an organisation that is genuinely ready. The assessment becomes a formality rather than an expensive discovery exercise.

The Practical Difference

Many organisations approach ISO 27001 as a documentation exercise — write the policies, fill in the templates, hope for the best. This leads to an ISMS that exists on paper but does not reflect how the business actually operates.

Because Custodia already provides managed security, backup, and compliance services, we build your ISMS around controls that are genuinely in place and actively maintained. Your documentation describes what you actually do, not what you aspire to do.

This makes certification easier, ongoing surveillance audits simpler, and your actual security posture stronger.

Works Alongside Our Other Services

If you already use Custodia for managed security, disaster recovery or compliance, much of what ISO 27001 requires is already in place. Our managed firewalls, intrusion detection, air-gapped backups and compliance policies map directly onto Annex A controls.

We identify what you already have, document it properly, and fill in the gaps — rather than starting from scratch.

If you also need Cyber Essentials certification, we handle that too. Many organisations pursue both, and the control overlap means doing them together is significantly more efficient than doing them separately.

ISO 27001 Readiness with Custodia

  • Thorough gap analysis against the full Annex A control set
  • Complete ISMS documentation built around your actual operations
  • Technical controls implemented, not just recommended
  • Internal audit conducted before you engage a certification body
  • Ongoing support through surveillance audits and annual reviews
  • Significantly lower total cost than paying certifier consultancy rates

Find out how we can help your business

Get in touch with us today.

Call us on

01629 369 250