ISO 27001 Specialists

ISO 27001, done properly, built to last.

Senior-led implementation that fits how your business actually works. No bloated frameworks. No junior handoffs.

ISMS · Stenward Ltd Live
Stage 2 readiness72%
From certification through every audit after. Fixed scope. Fixed price. No change orders. ISO 27001, SOC 2 and beyond.
The situation

Your next deal depends on a certification you don’t yet hold.

For most technology companies, ISO 27001 becomes a priority the moment revenue depends on it — when an enterprise deal stalls in procurement, or a security review asks for proof you can’t yet provide. Certification stops being a someday project and becomes the one thing standing between you and the contract.

The offer

ISO 27001 implementation, end to end.

Stenward takes you from wherever you are today through to certification — and can keep your management system audit-ready long after the certificate is issued.

Coverage

Every control. Every clause.

ISO 27001:2022 has two parts: a management system (Clauses 4–10) and 93 controls in Annex A across four themes. We build both — and document a clear justification for any control that doesn’t apply to you.

Part 1The management systemClauses 4–10
Part 2The controlsAnnex A · 93 across four themes
ISO 27001ISO 27701ISO 22301SOC 2PCI DSSGDPRCyber EssentialsISO 42001 · Q4 2026 ISO 27001ISO 27701ISO 22301SOC 2PCI DSSGDPRCyber EssentialsISO 42001 · Q4 2026
Our services

What we deliver.

The compliance function you don’t have to build.

Enterprise-grade rigour without the enterprise-grade overhead. One senior practitioner covers what would otherwise need a team or a costly hire.

Client outcomes

Client outcomes that speak for themselves.

Process

How it works.

A proven four-phase approach, tailored to your situation and keeping you involved every step of the way.

Our commitment

The scope you agree is the scope we deliver.

The price you agree at the start is the price you pay. No change orders. No mid-project surprises.

Most consultancies scope quickly with a junior and a checklist, then bill for what they missed. We scope carefully before we quote — and the senior practitioner running discovery is the same person delivering the work. If we get the estimate wrong, that’s ours to absorb. Not yours.

We scope it ourselves. Carefully, before we ever quote a price. Fixed-price engagement. Documented in your Statement of Work. Scope changes only if you change scope. Anything new is quoted separately.
01

Discovery & scoping

We map your environment, interview key stakeholders, and define a realistic ISMS scope. Typically 2–4 weeks.

Environment mappingStakeholder interviewsScope definitionInitial gap assessment
02

Build the ISMS

We develop your risk assessment, policies, controls and Statement of Applicability — embedded into how your team already works. Typically 4–6 months.

Risk assessmentPolicies & proceduresControls designEvidence gathering
03

Audit preparation

An internal audit stress-tests your ISMS against the standard, with time to fix gaps before the real audit. Typically 6–8 weeks.

Internal auditManagement reviewFinding remediationEvidence organisation
04

Certification & beyond

We stand alongside you through your external certification audit — and can stay on to keep your ISMS audit-ready long after.

External audit supportCertification achievedOngoing retainerPost-cert confidence
Zorain Choudhary
Zorain Choudhary
Client Success Lead
Connect on LinkedIn
Get in touch

Let’s talk about where you are.

Whether you have a deal waiting on certification or you’re getting ahead of what’s coming, the first step is a conversation. No pressure, no obligation — just a clear, honest view of what ISO 27001 will take for a company like yours.

Book a 30-min call
June 2026 · GMT
30 min
MTWTFSS
Pick a day to begin