ISO 27001 is the internationally recognised standard for Information Security Management Systems (ISMS). Certification demonstrates to clients, partners, and regulators that your organisation has a robust, systematic approach to protecting sensitive information.
ISO/IEC 27001:2022 — the current version — defines 93 security controls across four themes: Organisational, People, Physical, and Technological. Certification involves a Stage 1 documentation review and a Stage 2 audit by a UKAS-accredited body, valid for three years with annual surveillance audits.
P2P CyberDefence guides you through every stage — from initial gap analysis to certification and beyond — building an ISMS that is both audit-ready and genuinely effective.
"ISO 27001 is a mandatory tender requirement for many enterprise and government contracts. Certification unlocks revenue that was previously inaccessible."

Typical timeline: 3–6 months

Fixed-fee, quoted after free gap review
Enterprise clients and public sector bodies require ISO 27001 as a procurement condition. We build a certification-ready ISMS that opens those doors.
A breach exposes you to ICO fines and legal claims. ISO 27001 controls systematically reduce breach likelihood and demonstrate due diligence to regulators.
Security questionnaires slow your sales cycle. Certification is a universally understood trust signal that shortens procurement due diligence.
The FCA, CQC, and NHS Digital increasingly expect demonstrable security governance. ISO 27001 provides the documented controls and audit trail they look for.
Informal security practices make audits impossible. We author the full policy library, risk register, Statement of Applicability, and evidence pack.
The ISMS risk treatment process creates a board-reportable risk register with clear ownership of every residual risk.
Assessment against all 93 ISO 27001:2022 controls with a prioritised remediation roadmap, effort estimates, and risk ratings.
The full documentation suite — Information Security Policy, Access Control, Incident Response, and 20+ supporting procedures.
ISO 27005 methodology risk register with owners, likelihood, impact, and a signed-off risk treatment plan.
The mandatory SoA documenting which Annex A controls apply, with justification for every inclusion and exclusion.
Internal ISMS audits that surface non-conformities before the certification body does — with corrective action tracking.
Annex A.5.19–5.22 supplier controls: security questionnaires, contract clauses, and third-party access reviews.
A mock Stage 1 and Stage 2 assessment with a remediation sprint plan before your formal audit.
Surveillance audit preparation, annual management reviews, and continual improvement tracking after certification.
Gap analysis, scope definition, risk assessment, and the policy framework.
Implement controls, train staff, and deploy technical measures.
Internal audit, management review, and performance monitoring.
Corrective actions, continual improvement, and surveillance audits.
Whether you are starting from scratch or updating an existing ISMS to the 2022 standard, we offer a free consultation to assess your posture and quote a fixed-fee project cost.