Cybercraft
← Back to Strategic services Strategic

Your client or tender requires ISO 27001. Here is the most direct path to certification.

ISO 27001 has become a standard requirement in enterprise procurement, government contracts, and competitive tenders. If you are here because someone put it in a contract or RFT, we have done this before — and we know the fastest, most defensible path to certification for a business your size.

What's involved

Certification requires a working Information Security Management System, not just documentation. We build yours from the ground up: scope definition, risk assessment, Statement of Applicability, Annex A control implementation, internal audit, and management review. Everything is tailored to your organisation — nothing is templated.

We prepare your team for the certification audit and support you through Stage 1 and Stage 2 assessments with a certification body of your choice. The engagement is structured to be as direct as possible — we are not interested in extending timelines.

This is a phased engagement. The board commits to the outcome; we sequence the work to minimise disruption and keep momentum.

Deliverables

  • ISMS scope definition and context of the organisation
  • Information security risk assessment and treatment plan
  • Statement of Applicability with Annex A control mapping
  • Complete ISMS documentation suite (policies, procedures, records)
  • Internal audit programme and first internal audit
  • Management review facilitation
  • Certification audit preparation and support
  • Post-certification surveillance audit guidance

Business benefits

  • Meet the certification requirement that is blocking a contract or tender
  • Internationally recognised credential that opens doors beyond the immediate client
  • A management system that actually reduces risk — not just a certificate on the wall
  • Foundation for ISO 27701, 27017/27018, or SOC 2 if those come next

Engagement process

Gap analysisDetailed assessment of your current state against ISO 27001:2022 requirements. Identifies the work needed and informs the implementation plan.
ISMS designScope, risk methodology, governance structure, and Statement of Applicability defined with your leadership team.
ImplementationControls implemented, documentation created, processes established. Your team is trained and involved throughout.
Internal auditFirst internal audit conducted to verify the ISMS is operating effectively and identify any gaps before the certification audit.
Certification supportStage 1 and Stage 2 audit preparation, auditor liaison, and support through to successful certification.
Talk to us about ISO 27001

A client or tender put ISO 27001 on the table?

Tell us the timeline and what the requirement looks like. We will give you an honest assessment of what is achievable and what a realistic certification programme involves for your organisation.

Talk to us about ISO 27001

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.