The service

ISO 27001 consultancy for UK organisations

A senior CyPro practitioner owns your programme from gap analysis to certificate: the ISMS built, the documents written, the internal audit done, and your team supported through the UKAS assessment. Fixed fees by headcount, published in full.

What you get

The four blocks of work

3D illustration of the gap analysis and roadmap

Gap analysis and roadmap

Where your ISMS stands against clauses 4 to 10 and all 93 Annex A controls, sequenced into a costed plan. If you only buy one week of help, buy this one.

3D illustration of ISMS design

ISMS design and build

Scope, risk methodology, Statement of Applicability, policies and the mandatory documents, built around how your organisation actually operates.

3D illustration of control implementation

Control implementation

Hands-on help putting the selected Annex A controls in place, from access control and supplier management to logging and incident response, with your team or for them.

3D illustration of internal audit and certification support

Internal audit and certification support

The independent clause 9.2 internal audit, management review preparation, then support through your certification body's Stage 1 and Stage 2 assessments.

The step-by-step journey, including where the certification body comes in, is on the process and timeline page.

The differences that matter

How this consultancy is built

The ISO 27001 market sells day rates, toolkits, platforms and audits, often from the same company. We deliberately sell one thing: readiness, priced fixed, independent of whoever certifies you.

UK-wide and remote-first, with on-site days where the work needs them, and London coverage as standard.

Fixed fees, not day rates

Our bands are published on the cost page and hold regardless of how many workshops it takes. A day-rate consultant has no incentive to finish; a fixed-fee one has no incentive to linger.

We are not the certification body

Certification is issued by the UKAS-accredited body you choose. Because we never mark our own homework, our documentation has to survive someone else's scrutiny, which is exactly the discipline you are paying for.

We are not selling a platform

No subscription rides along with our advice. If a compliance platform genuinely suits you, we will say so and work with it; the comparison page exists because we can afford to be straight about it.

Practitioners, not template couriers

The people on your programme run security operations, incident response and CISO services across CyPro's client base. Your ISMS is written by people who have operated one.

Quick answers

Consultancy questions, answered

What does an ISO 27001 consultant actually do?

Everything between deciding you need the certificate and holding it: gap analysis, ISMS design, documentation, risk assessment, control implementation, the mandatory internal audit and preparation for the certification body's assessments. The consultant does the thinking and drafting; your team makes the decisions only you can make.

Do we need a consultant, or can we do ISO 27001 ourselves?

Plenty of organisations self-implement with a toolkit, and for some it is the right call. The trade is your team's time, typically months of it, and the risk of documentation that does not match practice. Our route comparison sets out the year-one costs of all three approaches side by side.

Toolkit vs platform vs consultant

How much does ISO 27001 consultancy cost?

Published UK analyses put consultancy-led readiness for organisations under 50 staff at roughly £8,000 to £15,000, rising with headcount. Our own fees are fixed by headcount band and published in full on the cost page, with the certification body's audit fee shown separately.

See our fees

Do you work with organisations outside London?

Yes. The team is UK-wide and remote-first, with on-site days where the work genuinely needs them, typically the gap analysis kick-off and audit support. Location does not change the fee band.

3D rocket illustration for booking a free ISO 27001 scoping call

Scope it properly

Put your programme in front of a practitioner

A free 45 minute scoping call maps your estate, your deadline and your band. You leave with a fixed fee whether or not you use us.