Effective implementation - minimum disruption
ISO 27001 is the leading, globally recognised information security certification, and is key for demonstrating your business’ commitment to keeping internal, client and customer data secure. However, to minimise business disruption and facilitate successful certification, you need more than off the shelf policies and processes. You need a streamlined approach tailored specifically to your business.
From finance to tech, and healthcare to retail, our team of ISO 27001 consultants are experts in guiding businesses of all sizes through the steps needed to achieve certification.
- Fixed price certification
- Tailored to fit your business
- A clear 6-step ISO 27001 process
- Proven path to certification
The certification partner of choice for businesses of all sizes
When you work with Nicolson Bray, you get more than a team of accredited ISO Lead Auditors and Implementers. You leverage decades of hands-on experience defining and implementing information security solutions that are pragmatic, affordable and effective.
Confident working in high-risk industries such as finance, healthcare and education, our ISO 27001 consultants deliver implementations which integrate seamlessly with your business. The result is not only ISO 27001 certification, but an ISMS that adds tangible business value.
Businesses of all sizes trust Nicolson Bray cyber security consultancy
Our proven approach to achieving ISO27001
A dedicated team with decades of experience
Tap into a team of world-class ISO 27001 consultants with decades of experience identifying and protecting against cyber security threats.
With hands-on experience implementing ISO/IEC 27001:2013 and the newer ISO/IEC 27001:2022, we streamline certification so that you achieve success.
Protect your brand - and your budget
After the initial gap-analysis we provide you with a fixed price quote, allowing you to budget with confidence.
During implementation our consultants work with your team to identify existing infrastructure which can be leveraged and supply you with the tools you need to support any specific Information Security Management System (ISMS) processes.
We protect your budget as well as your business.
A certification service tailored to your business
There is no one size fits all for ISO 27001.
Our experienced team will select and customise Annex A controls to tightly align with your business, craft policies to ensure maximum protection, and work with your teams to design streamlined information security processes.
We lead you on a proven path to certification.
Our process
Our 6-step ISO 27001 consultancy process is designed to deliver a streamlined ISMS which fits perfectly with your business.
Gap analysis & scoping
Our consultants will review what is currently in place, identifying gaps in ISO 27001 requirements and planning the best scope for certification.
Risk assessment & remediation planning
We will define risk management processes and carry out your first risk assessment to identify information security threats and risks to your business. From here, we will create a risk treatment plan and implement security protocols to effectively prioritise and manage your cyber business risks.
ISMS framework & process development
We will select the correct information security controls in line with your cyber business risks, document them in a Statement of Applicability (SoA) and define and develop processes to run your ISMS.
Policy & documentation support
We will navigate the nuances of ISO27001 paperwork and deliver the full documentation set required for certification.
Training
Educate your internal staff on the processes and procedures needed to run and manage your ISMS to make sure your information security stays watertight.
Internal audit & pre-assessment review
We will engage an independent auditor to conduct a full internal audit to ensure your ISMS meets your business requirements, including those of internal and external stakeholders. We will also prepare you for Stage 1 and Stage 2 of your certification audits.
Get your free, no-obligation consultation
Free ConsultationFAQ
01. What is ISO 27001?
ISO 27001 is an international standard that provides organisations with a framework for establishing, implementing, operating, monitoring, maintaining and improving their Information Security Management Systems (ISMS).
02. How much does it cost to implement ISO 27001?
The cost of ISO 27001 certification varies depending on the size of your business, the industry you are in, the scope you wish to cover and other considerations.
To protect your budget our bespoke ISO 27001 service is designed to use your current infrastructure wherever possible, minimising cost whilst maximising certification success rate.
In addition after gap analysis we provide a fixed pice quote allowing you to budget with confidence.
03. Is ISO 27001 internationally recognised?
Yes, ISO 27001 is the leading internationally recognised information security certification.
04. Will ISO 27001 compliance be difficult to achieve?
In short, no. How much work is required depends on how mature your existing information security is, and this is one of the first areas we look into. We start our 6-step ISO 27001 certification process with a full gap analysis, which helps us determine exactly what you currently have in place, allowing us to plan what’s needed from there.
05. Will we need to invest in lots of new security technology?
Not necessarily. ISO 27001 is about putting in place solid risk management processes. Not all risks need to be mitigated as part of this, and we will advise where possible to leverage existing infrastructure and investments. Our aim is for you to be in control of your risks in as effective and efficient a way as possible.
06. Does ISO 27001 require ongoing work?
Managing information security risk is an ongoing process, as new risks can appear as the threat level, or your business, changes.
A successful implementation will embed this risk management into your business.
In addition annual internal audits and external surveillance audits need to be undertaken.
07. How long is certification valid for?
Certification is valid for 3 years, at which point you will need to undergo a recertification audit. If you are maintaining your ISMS on a regular basis, recertification should be a fast and affordable process.
08. How does ISO 27001 help with GDPR compliance?
As the international information security standard, it outlines the requirements for Information Security Management Systems, including key processes for identifying, mitigating and controlling data protection risks.
09. What are the benefits of ISO 27001 certification?
Organisations with ISO 27001 certification have access to tools and processes to effectively manage risk associated with the storage, access and use of sensitive data. Additionally, it demonstrates to clients your commitment to information security.
010. How long does certification take?
The length of the process for achieving ISO 27001 certification can vary depending on an organisation's size and complexity.
Generally, it takes around 6-18 months from start to finish. Most smaller organisations can expect certification within 6 months, but it can take longer depending on the scope and complexity of the challenge.
From finance to healthcare, our team of experts have helped businesses of all industries achieve ISO 27001 certification. We know what it takes to successfully manage the process and will help guide you through it quickly and effectively.
011. Why Nicolson Bray?
Nicolson Bray is a boutique cyber security firm, built on a team of consultants with decades of experience in end-to-end cyber security management. We partner with your business to understand its unique requirements, providing a personal, friendly service that leads to a streamlined and effective ISO 27001 implementation.