A specialist service from CyPro

ISO 27001 certification in the UK, without the guesswork

CyPro's security team builds your ISMS and gets you audit-ready; a UKAS-accredited certification body independently assesses you. Fixed readiness fees, realistic timelines, no day-rate meter running.

  • Readiness fees published in full
  • UKAS-accredited audit, arranged
  • Certified in months, not years
  • Named UK practitioners
3D shield with a checkmark representing certified information security

Trusted by

az
bgi
british gas
cigna
deloitte
euroclear
jpm
kpmg
lme
m & g
ns & i
royal london
rsa
schroders
shell
ubs
virgin trains
william hill

The service

From gap analysis to certificate, handled end to end

One engagement covering everything between "our customers are asking for ISO 27001" and holding the certificate.

3D illustration of the ISO 27001 gap analysis

Gap Analysis

We measure your current security posture against every clause and control the standard demands, and hand you a costed, prioritised route to certification. No surprises later.

3D illustration of ISMS design and build

ISMS Built Around Your Business

Your information security management system is shaped to how your organisation actually works, not copied from a template your auditor has seen a hundred times before.

3D illustration of ISMS documentation

Documentation That Earns Its Keep

The mandatory documents, the Statement of Applicability and the policies, written to be used by your team, because auditors can tell the difference between paperwork and practice.

3D illustration of risk assessment and control selection

Risk Assessment and Controls

A risk assessment your leadership can actually read, driving the selection of Annex A controls that genuinely reduce your risk rather than padding the audit file.

3D illustration of internal audit and certification support

Internal Audit and Audit Support

The independent internal audit clause 9.2 requires, then hands-on support through the certification body's Stage 1 and Stage 2 assessments.

3D illustration of the roadmap beyond certification

Beyond the Certificate

Surveillance audit support, ISMS maintenance and the roadmap for what your customers ask about next, from privacy extensions to AI governance.

What is ISO 27001?

ISO 27001 is the internationally recognised standard for running an information security management system (ISMS). It certifies that your organisation runs a working information security management system (ISMS): risks assessed, controls chosen and justified, documents maintained and audited every year. It is not legally mandatory in the UK, but enterprise customers, tenders and due diligence processes increasingly treat it as the entry ticket. Certificates run on a three year cycle with annual surveillance audits.

The standard explained in full

Why CyPro

Consultancy that answers to you, not the audit

3D illustration of independent assessment

Genuinely independent

We prepare you; a UKAS-accredited certification body of your choosing assesses you. Because we are not the ones marking the exam, our advice only has to serve one interest: yours.

3D illustration of published readiness fees

Fees published, audit costs itemised

Our readiness fees are fixed by headcount and published in full, with the certification body's audit fee shown separately, so you can budget the whole journey before committing to any of it.

3D illustration of named security practitioners

Named senior practitioners

Your programme is led by CyPro's senior security team, practitioners who run ISMS programmes and sit in certification audits for a living, and who are named on this site.

3D illustration of passing the certification audit

Built for the audit you will actually face

Everything is prepared against what UKAS auditors genuinely test at Stage 1 and Stage 2, so the assessment confirms what we already know rather than discovering problems.

3D illustration of certification in months

Months, not years

Typical UK projects run three to four months for smaller organisations and five to eight at mid-size. We publish the timeline drivers so you can see where yours will land.

3D illustration of growing UK businesses

Built for growing businesses

Delivered by CyPro, whose whole practice is protecting SMBs and high-growth companies whose customers are starting to demand ISO 27001.

Your experts hold

  • CIPM
  • CIPP E
  • CISA
  • CISM
  • CISSP
  • CRISC
  • ISO 27001
  • Prince2

Results, not promises

What clients say

3D illustration of common ISO 27001 questions

Good questions

Frequently asked questions

Is ISO 27001 mandatory in the UK?

No law requires it. What requires it, increasingly, is commerce: enterprise procurement, public sector frameworks, insurer questionnaires and investor due diligence all treat ISO 27001 as expected assurance. Most UK certifications happen because a contract demanded one, which is a good reason to certify before the contract that demands it arrives.

What is ISO 27001 in one sentence?

ISO 27001 is the benchmark international standard for how organisations manage information security: it certifies that your organisation runs a working, independently audited system for assessing security risks, operating justified controls and improving continuously.

The standard explained

How much does ISO 27001 certification cost in the UK?

Three costs: readiness (our fixed bands by headcount, published on the cost page), the certification body's audit (around £1,250 per auditor day at 2026 UK rates, with a floor of roughly £6,250 for the smallest organisations under ISO 27006 day minimums), and annual surveillance from around £1,500. Budget the whole journey, not just the first invoice.

Every cost itemised

How long does ISO 27001 take?

Typical UK projects run three to four months for organisations under about 50 staff and five to eight months at 150 to 500. The audits are days; the calendar goes on building the ISMS and letting evidence accrue. Promises of certification in weeks should make you ask what, exactly, is being certified.

The month-by-month timeline

3D rocket illustration for booking a free ISO 27001 scoping call

Take the first step

Get to ISO 27001 without the guesswork

Book a free 45 minute scoping call: where your ISMS stands today, what the UKAS audit will demand, and one fixed fee for getting there. No obligation, no hard sell.