ISO 27001 Consultancy

ISO 27001 certification, end to end.

UK lead auditors. We design the ISMS, run the internal audits, and stay with you through Stage 1 and Stage 2.


What is ISO 27001?

ISO/IEC 27001:2022 is the international standard for an Information Security Management System (ISMS). The ISMS is the set of policies, processes, and controls an organisation uses to manage information-security risk. The certifiable element is the ISMS itself, not individual controls or technologies.

Certification is awarded by an accredited certification body after a two-stage audit. It is valid for three years subject to annual surveillance audits. The current version is ISO/IEC 27001:2022; the predecessor ISO 27001:2013 is no longer the basis for new certifications.

Key facts

Current version: 2022
Annex A controls: 93
Control themes: 4
ISMS clauses: 10

What we do

Four engagement components covering the full ISO 27001 lifecycle.

Gap assessment

Where you stand today against ISO/IEC 27001:2022. We test the existing ISMS clauses and Annex A controls and produce a remediation plan with effort estimates.

ISMS design and build

Policies, procedures, risk register, statement of applicability, and the documented information your certification body will ask for. Built to fit your operating model, not a template library.

Internal audit

Independent internal audits run by our lead auditors against the ISMS clauses (4–10) and Annex A controls in scope. Findings come with severity, evidence, and a clear path to closure.

Certification support

We sit alongside you through Stage 1 (readiness) and Stage 2 (certification) audits with the certification body. We do not replace the certification body — we get you ready for them.

How a certification engagement runs

Five stages from scoping call to certificate. Surveillance audits follow annually.

  1. Scoping call (30 minutes, free)

     We confirm the ISMS scope — sites, processes, products in scope — and the certification timeline you need to hit.

  2. Gap assessment (2–3 weeks)

     We test current controls against the 2022 standard. Output: a phased remediation plan with priorities, effort, and dependencies.

  3. ISMS design and implementation (8–16 weeks)

     Policies, procedures, risk treatment plan, statement of applicability, evidence repositories. We work alongside your team — no throw-it-over-the-wall handover.

  4. Internal audit + Stage 1 (2–4 weeks)

     Internal audit by our lead auditors, then Stage 1 documentation review with the certification body. Any gaps surface here, not at Stage 2.

  5. Stage 2 + certification (2–4 weeks)

     Stage 2 audit by the certification body. We support you through it. Certification follows, valid for three years subject to surveillance audits.

ISO 27001:2022 — what’s new

The 2022 revision is the basis for new certifications. If you are renewing or certifying for the first time, this is the standard you are aiming for.

Why 1 Sequence Cyber

PCI SSC-listed QSAC

Listed on the PCI Security Standards Council website as a Qualified Security Assessor Company. Our auditor team applies the same rigour to ISO 27001 work.

CREST DPT alignment

Penetration Testing aligned to the CREST Defensible Penetration Test specification — relevant to Annex A 8.8 (technical vulnerability management) and the broader ISMS testing programme.


Related services: GRC · Penetration Testing · UK GDPR.

Ready to start your ISO 27001 programme?

Tell us your target certification date and current ISMS maturity. We’ll come back with a fixed-fee proposal within 48 hours.
