Senior-led implementation that fits how your business actually works. No bloated frameworks. No junior handoffs.
For most technology companies, ISO 27001 becomes a priority the moment revenue depends on it — when an enterprise deal stalls in procurement, or a security review asks for proof you can’t yet provide. Certification stops being a someday project and becomes the one thing standing between you and the contract.
Stenward takes you from wherever you are today through to certification — and can keep your management system audit-ready long after the certificate is issued.
ISO 27001:2022 has two parts: a management system (Clauses 4–10) and 93 controls in Annex A across four themes. We build both — and document a clear justification for any control that doesn’t apply to you.
A proven four-phase approach, tailored to your situation and keeping you involved every step of the way.
The price you agree at the start is the price you pay. No change orders. No mid-project surprises.
Most consultancies scope quickly with a junior and a checklist, then bill for what they missed. We scope carefully before we quote — and the senior practitioner running discovery is the same person delivering the work. If we get the estimate wrong, that’s ours to absorb. Not yours.
We map your environment, interview key stakeholders, and define a realistic ISMS scope. Typically 2–4 weeks.
We develop your risk assessment, policies, controls and Statement of Applicability — embedded into how your team already works. Typically 4–6 months.
An internal audit stress-tests your ISMS against the standard, with time to fix gaps before the real audit. Typically 6–8 weeks.
We stand alongside you through your external certification audit — and can stay on to keep your ISMS audit-ready long after.
Whether you have a deal waiting on certification or you’re getting ahead of what’s coming, the first step is a conversation. No pressure, no obligation — just a clear, honest view of what ISO 27001 will take for a company like yours.