ISO 27001 Readiness
We prepare your organisation for certification — properly, practically, and without unnecessary consultancy costs.
ISO 27001 certification is increasingly demanded by larger clients, supply chains and public sector procurement. But the certification process itself can be expensive, drawn out and full of consultancy fees that do not actually improve your security.
We do the practical work that makes your organisation genuinely ready for certification, so that when you engage a certification body, the process is straightforward and the outcome is not in doubt. We fix it first, then you certify.
This is different from Cyber Essentials. Cyber Essentials is a baseline standard covering five technical controls — it proves you have the fundamentals in place. ISO 27001 is a comprehensive management system covering how your entire organisation handles information security, from risk assessment through to staff awareness and supplier management.
What We Do
- Gap analysis — assess your current controls against the full Annex A control set and identify exactly what needs to change
- Security management documentation — build your information security management system, including policies, procedures and the statement of applicability
- Risk assessment framework — establish a practical risk assessment process that works for your organisation, not a template copied from a textbook
- Technical controls — implement the security measures your management system requires, because we are a managed security provider, not just a document writer
- Staff awareness — train your team on their responsibilities within the management system
- Internal audit — conduct a thorough internal audit before you engage a certification body, so there are no surprises
The Practical Difference
Many organisations approach ISO 27001 as a documentation exercise — write the policies, fill in the templates, hope for the best. This leads to a management system that exists on paper but does not reflect how the organisation actually operates.
Because Custodia already provides managed security, backup and compliance services, we build your management system around controls that are genuinely in place and actively maintained. Your documentation describes what you actually do, not what you aspire to do.
Works Alongside Our Other Services
If you already use Custodia for managed security, disaster recovery or compliance, much of what ISO 27001 requires is already in place. Our managed firewalls, intrusion detection, air-gapped backups and compliance policies map directly onto Annex A controls.
If you also need Cyber Essentials certification, the control overlap means doing them together is significantly more efficient than doing them separately.
ISO 27001 Readiness with Custodia
- Thorough gap analysis against the full Annex A control set
- Complete management system documentation built around your actual operations
- Technical controls implemented, not just recommended
- Internal audit before you engage a certification body
- Ongoing support through surveillance audits and annual reviews
Find out how we can help your organisation
Get in touch with us today.
Call us on 01629 369 250
Email us at sayhello@custodiauk.com