ISO 27001 Audit

Certification-ready, not just compliant.

A management system an auditor can actually certify

ISO 27001 is not a checklist of controls — it is a management system. Certification bodies test whether your ISMS is scoped honestly, driven by a real risk assessment, and operating with evidence behind it. Companies fail Stage 2 not because controls are missing, but because the plan-do-check-act loop was never running. We close that gap before the auditor finds it.

This work suits anyone heading into first-time certification, a transition to the 2022 control set, or a recertification where the program has drifted.

How we work

  • Scope. We fix the ISMS boundary — systems, sites, and people — so it is defensible and not quietly excluding your real exposure.
  • Gap analysis. We assess your current state against the 93 Annex A 2022 controls and the Clause 4–10 management requirements.
  • Statement of Applicability. Each control is justified, included, or excluded with a documented rationale tied to your risk treatment plan.
  • Internal audit. We run a full internal audit and management review so Stage 1 finds a system already in motion.

From readiness to certificate

We do not issue certificates — that is the certification body's job, and we keep that line clean. Our role is to make Stage 1 and Stage 2 a formality, with every clause, control, and piece of evidence already in place.