
ISO 27001 Certification – Information Security Management Consultancy (ISMS)

Protect business-critical information, strengthen stakeholder trust, and prepare for audit with ISO 27001

ISO 27001 is the international standard for Information Security Management Systems (ISMS). It helps you manage risks to data, systems, and intellectual property through structured controls, policies, and assurance processes.

Whether you handle client data, run cloud infrastructure, or manage sensitive internal records, ISO 27001 certification shows customers, investors, and regulators that your business takes information security seriously.

AvISO helps you design, implement, and manage a system that meets ISO 27001 requirements — aligned with real-world risks and sector expectations. We also support certification and ongoing improvement using our digital platform, ISOvA.

What our clients say

it down clearly, mapped our controls to real risks, and ISOvA made tracking actions simple. The auditor praised our Statement of Applicability and documentation clarity."

CTO, UK SaaS Provider

How AvISO supports ISO 27001 implementation

We guide you through the process of building a secure, auditable, and sustainable ISMS — with practical templates, expert input, and fixed-cost support.

  • ISMS scoping and risk assessment
  • Gap analysis and current controls review
  • Annex A control mapping and SoA preparation
  • Policy, procedure, and record development
  • Internal audits and readiness reviews
  • Certification audit support and post-audit updates

Whether you're working towards first-time certification, recertification, or system refresh, our support is structured around your operations and risk profile.

Common ISO 27001 challenges — and how we solve them

  • Annex A overwhelm → We guide you through only the relevant controls and document how each is met
  • Disjointed documentation → Our templates and ISOvA platform keep policies, risks, and actions consistent
  • Weak engagement from staff → We run practical training on data handling, access control, and incident response
  • Audit anxiety → We simulate certification conditions so your team knows what to expect and how to respond

We help you build a system that protects information, fits your business, and holds up under audit.

Whether you’re aiming for certification or improving an existing ISMS, we’ll help you protect what matters, reduce risk, and make information security work in practice.

ISO 27001 services from AvISO

Our information security consultancy combines clarity, expertise, and digital tools — so you can get certified with confidence and manage your ISMS long term.

Expert consultancy and project delivery

  • Dedicated consultant managing your full ISO 27001 implementation
  • Project plans with clear milestones and control mapping timelines
  • Remote or in-person support that aligns with your team’s capacity and systems

System development and documentation

  • Development of all core ISMS documentation: policies, procedures, and control registers
  • Detailed risk assessments linked to control selection
  • Creation of your Statement of Applicability (SoA) with clear rationale and evidence references
  • Setup of an information asset register and access control matrix

Internal training and team engagement

  • Staff workshops on information security awareness and best practice
  • Leadership sessions to support governance, Clause 5 alignment, and accountability
  • Support for incident reporting, breach response, and continual improvement

Internal audits and certification preparation

  • Full internal audit programme and evidence sampling
  • Mock audit and SoA walkthrough to prepare teams
  • Support during certification audit with your UKAS-accredited body

ISOvA for digital ISMS management

  • Free ISOvA access for your first project
  • Central dashboard for risk register, actions, audit findings, and documents
  • Automated version control, reminders, and audit trails
  • Real-time visibility over Annex A coverage and ISMS performance

No spreadsheets. No last-minute chasing. Just a clear, controlled system your team can manage with confidence.

Integrated ISO 27001 systems for long-term value

ISO 27001 is highly compatible with other ISO standards — and integration reduces effort, improves consistency, and strengthens your compliance framework.

  • ISO 27701 – Privacy information management
    Essential for organisations handling personal data. We link privacy risks and controls directly to your ISMS structure.
  • ISO 22301 – Business continuity
    The A.17 controls of ISO 27001 require continuity planning. Integrated systems align incident response, backups, and disaster recovery.
  • ISO 9001 – Quality management
    Combines well in regulated industries or where service quality and information protection must align. Joint audits and reviews reduce duplication.
  • TISAX – Automotive data security
    ISO 27001 provides a foundation for clients working with OEMs or in supply chains where TISAX is required.

We help you design integrated systems where controls are mapped, evidence is shared, and certification is streamlined — all supported through ISOvA.

ISOvA: your digital ISMS

ISOvA is a Microsoft 365-based platform that lets you manage your ISO 27001 system with clarity and control.

With ISOvA, you can:

  • Track risks, actions, and audit findings in one place
  • Manage Annex A controls, assign owners, and monitor evidence
  • Store and version all ISMS documents, SoA, and records
  • Run internal audits, management reviews, and performance checks with ease

Clients and auditors consistently tell us that ISOvA makes audits cleaner, responsibilities clearer, and certification more sustainable over time.

Why choose AvISO for ISO 27001?

  • Approved by and working closely with all major UKAS-accredited certification bodies
  • Deep experience across tech, finance, legal, and public sectors
  • 1,000+ audits supported each year, including complex ISMS scopes
  • Consultants who balance cyber, legal, and operational security needs
  • Digital-first delivery model using ISOvA

Talk to us about ISO 27001 certification

Let’s explore how we can help your team — from gap analysis to digital integration.
Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk


ISO 27001 FAQs

Most frequently asked questions

What is ISO 27001:2022?

ISO 27001:2022 is an international standard that provides a framework for information security management. It sets out requirements and best practices for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS) to protect sensitive information and assets.

What are the benefits of having ISO 27001:2022?

Implementing ISO 27001:2022 can bring several benefits to organisations, including improved information security, enhanced customer trust and confidence, better compliance with legal and regulatory requirements, reduced risk of data breaches and cyber-attacks, and improved business resilience and continuity.

Why would we need ISO 27001:2022?

Information security is a critical concern for organisations of all types and sizes, especially in today's digital age, where cyber threats are increasing in frequency and sophistication. ISO 27001:2022 provides a comprehensive framework for managing information security risks, ensuring the confidentiality, integrity, and availability of sensitive information and assets, and demonstrating compliance with legal and regulatory requirements. Implementing the standard can help organisations to protect their reputation, avoid financial and legal penalties, and achieve a competitive advantage.

How much does ISO 27001 certification cost?

AvISO Consultancy is the first in our industry to offer a quick and easy online quote for gaining ISO 27001 certification. For a small business, gaining UKAS-accredited certification can cost approximately £3,000 to £25,000+, a considerable sum to pay out over a short period.

We’re very proud to be able to offer a monthly subscription that covers certification, consultancy and software costs. This cost is spread out over three years and provides you with the support and tools you need to gain UKAS-accredited ISO certification with no hidden charges. Get Your Quote Here.

How long does it take to implement ISO 27001?
  • With the right preparation and a good understanding of what is required for ISO 27001 certification, most organisations can expect to achieve certification within 3 to 6 months, depending on their size and complexity.
  • The process starts with developing the management system, followed by internal audits to check for any gaps that would not meet the requirements of the standard.
  • The Stage 1 audit is completed by an independent UKAS-accredited certification body, which assesses the documentation produced for the management system to ensure it meets the requirements of the ISO 27001:2022 standard.
  • The Stage 2 audit is your main assessment; assuming you pass (which is determined by the extent to which the ISMS conforms to the standard), your certificate is awarded.

Can ISO 27001:2022 be integrated into my existing management system?

Yes, ISO 27001:2022 can be integrated into an organisation’s existing management system, such as an Integrated Management System (IMS) that includes other standards like ISO 9001 (Quality Management System) and ISO 14001 (Environmental Management System). This can help to streamline the management of various systems and processes, reduce duplication of efforts, and enhance overall efficiency and effectiveness. The Annex SL framework that is common to many ISO management system standards also allows for easier integration of different management systems. However, it is important to note that the requirements of ISO 27001:2022 may have unique considerations that will need to be addressed during the integration process.

Can I implement ISO 27001 on my own?

Yes, you can. However, it is worth considering the time and cost of a workforce required to set up an ISO standard versus an external management consultant providing guidance and support to ensure conformity and certification. An ISO consultant can give regular expert advice and help set up and maintain an ISO 27001 Information Security Management System. A third-party certification body will independently audit your management system for conformity to the standard.

What is a Certification Body?
  • UKAS is the ‘United Kingdom Accreditation Service’, recognised by the British Government to assess the competence of auditing bodies that provide certification, testing, inspection, and calibration services. UKAS audits certification bodies such as ISOQAR, BSI, NQA and QEC to ensure compliance. Many businesses are caught out by certification bodies promoting ISO certification without UKAS accreditation. Unfortunately for these businesses, potential contracts can be lost when clients realise the certificate is not valid, and they may need to recertify with a UKAS-accredited certification body. Because of the conflict of interest, certification bodies such as BSI and QEC cannot offer consultancy guidance, so if you are offered both consultancy and certification by the same organisation, please proceed cautiously.

How long is ISO 27001:2022 certification valid?

ISO 27001:2022 certification is valid for a period of three years from the date of the certification audit. However, the certification is subject to annual surveillance audits to ensure that the organisation’s Information Security Management System (ISMS) remains compliant with the standard's requirements and is effective in managing information security risks. These surveillance audits are usually conducted by the certification body to assess the ongoing performance of the ISMS and identify any areas for improvement.

At the end of the three-year certification period, the organisation must undergo a recertification audit to renew the certification. The recertification audit is similar to the initial certification audit and involves a comprehensive assessment of the organisation’s ISMS against the requirements of ISO 27001:2022. If the organisation successfully meets the standard's requirements during the recertification audit, the certification will be renewed for another three-year period.

Does an organisation have to be a specific size to have an ISO 27001:2022 certification?

There are no limits or restrictions to the size or type of organisation wanting to improve by using the ISO standard.

My Business has multiple sites across the country; do I need an ISO 27001:2022 for each site?

Not necessarily. The most cost-effective approach is for your organisation to have an umbrella system under which every site must demonstrate that the management system is being followed. A presentation certificate can be issued for each site to confirm conformity to the standard across all your sites. If there are more than 5 sites, the certification body will apply a sampling approach to the audits, but it will need to see all the sites over the 3-year audit cycle.

How do we know ISO 27001 is the correct standard for our organisation?

Researching which standard best supports the improvement and effectiveness of your organisation’s management system is best practice; implementing the ISO 27001:2022 Information Security Management System provides the foundation on which to build.

Speak to your clients about what they require, and get in touch with consultants like us to give advice on each standard.

Why should we use an AvISO Management Consultant?
  • We provide innovative and practical solutions.
  • AvISO has an industry-leading reputation and a 100% certification success rate with the UKAS accreditation service. All our consultants are certified lead auditors and experts in their field, providing a first-class service.
  • We are experts with over 10 years of experience in guiding businesses to success.
  • We practise what we preach – proudly ISO 9001, ISO 27001 and Cyber Essentials qualified.
  • Our client-focused approach concentrates on creating value for your business, not simply ticking clauses off a checklist. You can view our client testimonials and case studies here.

What is the ISOvA Toolbox, and how does it work?

The ISOvA Toolbox is a bespoke online tool designed by AvISO to record your management system data and information. It is used as an integral part of maintaining all aspects of your management system. Designed by leading ISO consultants, ISOvA’s intuitive user interface facilitates easy navigation of your ISMS and provides a real-time dashboard where you can track progress towards KPIs (key performance indicators), objectives and corrective actions.

Who is the best person in our organisation to set up and manage an ISO management system?

Competent persons, selected by senior management on the basis of their education, skills and knowledge, are recommended to work alongside our management consultants to maintain your management system. The right person varies from company to company, but it should be someone with a good working knowledge of the organisation who is given the resources to get the job done.

How much detailed company information is required?

ISO standards are designed so that they can be adapted to any organisation, regardless of size. If you are considering implementing an ISO management system, all the requirements of the relevant standard will need to be considered by the organisation in question and addressed as part of your system. This requires an in-depth analysis of the organisation, including its context, interested parties, roles and responsibilities, legal and contractual obligations, risk environment, scope, and the number of employees and sites under the system’s remit. As such, there is a significant amount of detailed information specific to each organisation that needs to be considered. AvISO can assist organisations that need additional support in this regard.

How much of the required information gathering can be done remotely?

Most, if not all, of the necessary information can be securely gathered and shared online through SharePoint. This is a secure method of safely sharing and updating documents online to maintain and support your management system.

What is the Legal Register, and how does it affect my business?

A legal register is a document or system that details the legislation and regulations your organisation must comply with because of its activities. It becomes an essential resource your organisation can refer to for what it must do to ensure legislative compliance. The legal register is provided as a guidance tool for clients to use, and AvISO works consistently to keep it up to date as changes are issued; however, organisations are always advised to seek appropriate legal advice on their specific legal obligations and responsibilities to ensure requirements are met.

How do you calculate the number of days to implement an ISO 27001:2022 or any other standard?

It can vary when calculating how many days are required. Things to consider are the size of the organisation, the number of sites under the scope and the complexity of the management system. As a guide, it can take between three to six months.

Can someone from AvISO Consultancy offer training to an appointed person within our organisation to manage our Information Security Management System?

Yes, AvISO provides short training courses, called Toolbox Talks, about management systems. The courses are designed to give a general understanding of each clause, with further information where needed.

Do AvISO consultants specialise in any one ISO standard?

Our consultants are certified lead auditors and are experienced in implementing not only ISO 27001:2022 but many other ISO standards, such as Quality, Health and Safety, and Environmental. We have dedicated consultants for each compliance area who can support and advise you across multiple compliance areas.

Will I have someone to help and advise me to maintain my Information Security Management System?

Our expert consultants are always available for help and advice. Regular visits and communication can be arranged together with an internal audit program agreed upon as an ongoing AvISO consultancy service.

What is an ISMS?

An Information Security Management System (ISMS) is a systematic approach to managing an organisation's information security processes, policies, and practices.

What security controls are required for ISO 27001?

The standard specifies a set of security controls in Annex A. However, the choice of controls depends on the organisation's risk assessment and security needs.

How often is ISO 27001 recertification required?

ISO 27001 certification is typically valid for three years. Organisations must undergo regular surveillance audits during this period and recertification when it expires.

What is ISO 27001?

It’s the global standard for information security management. It helps organisations identify, manage, and reduce risks to information and systems.

What are Annex A controls?

A set of 93 reference controls covering areas like access control, cryptography, operations, supplier management, and more. You only need to apply those relevant to your risks.

What is a Statement of Applicability (SoA)?

A document that lists which Annex A controls apply to you, why, and how they’re implemented. It’s a key document in the audit and must match your risk context.

Do we need cyber security software to get certified?

Not necessarily. ISO 27001 is technology-neutral. It focuses on managing risks and applying suitable controls — which could be technical, procedural, or contractual.

Can we integrate ISO 27001 with other systems?

Yes. It integrates easily with ISO 9001, ISO 22301, ISO 27701, and others under the Annex SL structure. We help you do this without duplicating effort.

How long does certification take?

Most organisations complete implementation in 3–5 months. Timescales vary depending on your complexity, readiness, and engagement level.

What happens during the audit?

The certification body will review your documentation, assess your risk register, test controls, and evaluate whether your ISMS meets the standard. We help prepare and attend if needed.

Will ISO 27001 help with contracts or tenders?

Yes — especially in tech, finance, healthcare, legal, and government sectors where data protection is critical.

What if we already follow Cyber Essentials or SOC 2?

We’ll map those efforts into your ISO 27001 system — and explain how they align with your risk treatment and controls.
