ISO 27001 Implementation

End-to-end ISO 27001 certification, led by a senior practitioner from scoping to your stage 2 audit.

Stenward takes you from wherever you are today — even a blank page — to a certificate you can rely on, and an information security management system your team can actually run afterwards. One senior practitioner leads the whole engagement. No junior handoffs, no template dumps.

What we do

Our ISO 27001 implementation follows a proven four-step process, ensuring your ISMS is properly scoped, built to your environment, audit-ready, and successfully certified.

1. Discovery & Scoping
Map your environment, define the ISMS scope, and run a gap assessment against the standard.

2. ISMS Foundation
Risk assessment, core policies and procedures, and your Statement of Applicability.

3. Controls Implementation
Technical, operational, and people controls embedded into how your team already works.

4. Audit Preparation & Execution
Internal audit, management review, and full support through your stage 1 and stage 2 external audits.

Two ways we deliver

Depending on your current state, we have two proven approaches:

| | Platform-paired | Built from scratch |
| --- | --- | --- |
| Best for | Companies using a compliance platform (Vanta, Drata, Sprinto, and similar) | Companies with no platform in place |
| What we do | Configure and drive the platform, focusing our time on strategy, scope, and audit readiness | Produce your complete ISMS documentation set from the ground up, tailored to you |
| Typical timeline | Around five months to your stage 2 audit | Around seven to eight months to your stage 2 audit |

We're platform-agnostic. We'll work with what you have, or help you decide if a platform is worth it.

What's included

All ISMS documentation tailored to your environment
Risk assessment and Statement of Applicability
Control selection, design, and implementation guidance
Vendor risk management
Incident response and business continuity procedures
A security awareness training module for your team
Internal audit coordinated via an independent partner
Management review facilitation
Full attendance and support at your stage 1 and stage 2 audits
Direct senior delivery throughout

What's not included

We believe in being transparent about scope:

Certification-body fees (paid directly to your certification body)
Penetration testing (we'll recommend trusted partners)
Technical implementation inside your own infrastructure (we specify and guide; your engineers implement)