ISO 27001 Consultancy UK: Achieve Certification in 90 Days
Get ISO 27001 Certified Fast – Without the Overwhelm
If your client or prospect has just asked, “Are you ISO 27001 certified?”, you’re probably feeling the pressure. You know you need certification quickly — but the process sounds complex, time-consuming, and full of jargon.
That’s exactly why I created ISO 27001 in 90 Days — a fast, structured consultancy and coaching programme that gets small businesses ready for audit in as little as three months, even less in some cases.
I also offer:
Internal audits/gap analysis services
Fully outsourced ISO 27001 implementations
Documentation reviews
“Kept us on task and made sure we sailed through our assessment. Highly recommend!”
— Jenna Cooper, Helpthemove
Book in a discovery call
First Pass Guarantee · UK-Based, remote first · Templates included · 30 day 100% credit upgrades from course & toolkit
You’ll follow my proven five-step coaching roadmap, which has guided dozens of UK and International SMEs through their compliance journey to certification success — without drowning in documentation or unnecessary bureaucracy.
The programme also helps your organisation stay compliant with evolving security and data protection requirements.
Who This Is For
This programme is designed specifically for small to medium-sized B2B tech companies, SaaS providers, and startups who:
Need ISO 27001 certification quickly to win a contract or tender
Want to build credibility with enterprise customers
Don’t have time to figure out the standard themselves
Prefer to do most of the work in-house, with expert direction and accountability
Who It’s Not For
Larger organisations > 250 staff
Teams without availability in the next 6 to 10 weeks.
Organisations that are unable to implement change quickly
If that sounds like you, this model gives you everything you need to pass your ISO 27001 audit — efficiently, confidently, and affordably. Certification also helps build stakeholder confidence by demonstrating your commitment to security and operational resilience. Becoming ISO certified further demonstrates your dedication to best practices and information security.
Achieving ISO 27001 certification not only meets these needs but also provides a competitive edge, helping your business stand out. Gaining ISO 27001 certification demonstrates that your organisation takes information security seriously and is committed to protecting information assets in line with internationally recognised standards.
“We highly recommend Alan for his excellent support and expertise. He demonstrated great ability to answer our questions with clarity and provided thorough guidance throughout the entire process. His approach to explaining the ISO standard made everything more understandable and relatable.
Working with Alan was easy and a positive experience. He always approached all conversations with a kind and cheerful mood. Anyone seeking an experienced and helpful advisor for ISO 27001 certification can trust Alan to guide them effectively through the process.”
René Berg Jensen
Why It Works
Traditional consultancy can drag on for six months or more. My 90-day model is different because it focuses on Minimal Viable Compliance — the minimum needed to pass your first audit and lay a solid foundation for continuous improvement later. This program is a cost-effective solution designed to streamline your ISO 27001 journey.
You’ll benefit from:
Structured checkpoints – stay on track, focused, and audit-ready
Plain-English guidance – no jargon, just practical steps and templates
Begin Hands-on – you do the work, but I guide everything, so you learn how to run an ISMS through doing.
Expert support – receive clear, practical help from an experienced consultant throughout the process
Save valuable time – my structured approach identifies necessary steps efficiently, speeding up your certification
Proven templates and policies – everything you need to satisfy your auditor
A pass guarantee – if you don’t pass, I’ll help fix it free of charge
This program helps organisations meet legal and regulatory requirements related to information security. The structured approach also helps reduce the risk of security incidents and reduces breaches.
This program not only helps you achieve certification quickly but also lays the foundation for continual improvement of your management system. This approach ensures compliance with regulatory requirements.
You’ll complete your ISO 27001 journey through five structured checkpoint sessions — covering everything from scoping to pre-audit readiness.
The process follows a risk-based approach to information security management, ensuring that risks are systematically identified, evaluated, and managed throughout each stage.
You control the pace: most organisations complete the process in 8–12 weeks, depending on how quickly you work through the material. The process is designed to establish a robust security management system (ISMS) in line with ISO 27001 standards.
1. Kick-Off & Scope Review
We start by setting the foundation.
What we’ll cover:
Define your ISO 27001 scope
Review any existing policies and documents
Assess your organisation’s context (Clause 4)
Conduct a gap analysis to identify areas for improvement
Walk through leadership and objectives (Clause 5)
Agree on your project plan and certification timeline
By the end, you’ll have a clear plan and full understanding of what’s required — no guesswork, no confusion. The process is tailored to your organisation’s specific needs, ensuring relevance and effectiveness.
2. Risk Review Session
Next, we identify and address your biggest information security risks. This step helps you manage information security risks by taking a risk-based approach to protecting your organisation’s information assets.
We’ll:
Create or review your risk assessment method
Identify key risks (suppliers, ransomware, outages, cyber attacks, etc.), including threats to information assets, sensitive data, and confidential information
Build your risk treatment plan
Review and align with Clause 6: Planning
This risk assessment process helps reduce the likelihood and impact of a data breach by identifying and managing potential threats.
You’ll come away with a practical, auditable risk register and clarity on how to handle high-impact scenarios — a major focus for any auditor.
3. Statement of Applicability (SoA)
This is where we map your controls against Annex A’s 93 controls. Aligning your approach with the ISO standard ensures your information security management system meets international best practices.
We’ll:
Review the controls that apply to your business, including all relevant security controls and information security controls
Clarify inclusions and justified exclusions
Finalise your Statement of Applicability using my proven template
Integrate Clause 7 (Support) and Clause 8 (Operation)
You’ll know exactly what controls your auditor expects to see — and how to demonstrate them in a right-sized, realistic way. Our ISO 27001 consultancy services support the effective implementation and ongoing management of these information security controls.
4. Performance & Improvement Session
Here we bring everything together and show how your ISMS performs in practice.
We’ll cover:
Key performance metrics and audit evidence
Internal audit planning and sample audit records
How to run an effective management review
Clause 9 (Performance Evaluation) and Clause 10 (Improvement)
The role of regular audits and annual surveillance audits in ongoing compliance and continual improvement
By this point, your system is operational — not theoretical — and ready for formal assessment. Utilising comprehensive audit services, including support for internal audits and annual surveillance audits, is essential for maintaining ISO 27001 certification and ensuring continual improvement.
5. Final Readiness Check
The final session is a mock audit walkthrough. We check everything your accredited certification body will look for during the certification audit, ensuring you are fully prepared for this crucial step.
We’ll verify:
All mandatory ISO 27001 documents are complete
Evidence of implementation exists
Any nonconformities have been resolved
You’re confident in answering typical auditor questions
You can demonstrate compliance with the international standard
This session mirrors the auditor’s perspective, so there are no surprises when your assessment begins.
When you join ISO 27001 in 90 Days, you’ll receive a program designed for a broad range of organisations:
✅ Five private 1-to-1 checkpoint sessions (Zoom or Teams)
✅ All mandatory ISO 27001 templates and examples
✅ Unlimited email support between sessions
✅ Expert guidance throughout the entire process
✅ Ongoing basis support to help maintain compliance, including regular check-ins and advice
✅ Access for up to 3 users to my ISO 27001 online course
✅ A list of trusted, low-cost UK auditors
✅ A pass guarantee — if you don’t pass, I’ll help fix it for free
You stay in control — book sessions at your own pace, work flexibly around your team, and maintain ownership of your system.
The quickest any client has been certified is 20 days, for a non-accredited certificate. For an accredited UKAS certification, it’s 68 days. I recommend that most target 90 days to be ready for the audit.
Here’s a realistic example timeline:
Week: Milestone
Week 1: Kick-Off & Scope Review
Week 2–3: Risk Review
Week 4–5: Statement of Applicability
Week 6–7: Performance & Improvement
Week 8–9: Final Readiness Check
Week 10–12: Audit with Certification Body
This process leverages a deep understanding of ISO/IEC 27001, ensuring each step aligns with best practices for managing and auditing your ISMS.
Some clients complete faster; others take slightly longer, depending on resource availability. But the structure ensures continuous progress — and certification within 90 days is absolutely achievable. The program also helps organisations adapt to new technologies, supporting compliance and security throughout their certification journey.
Small companies often find ISO 27001 guidance written for large corporations — full of unnecessary complexity.
This programme is tailored for SMEs, focusing on what really matters to pass the audit.
It works because:
You get a clear, practical plan instead of abstract theory
The ISMS is right-sized — no bloated documentation
You stay audit-focused from day one
You build understanding and ownership as you go
It costs a fraction of traditional consultancy
The programme helps you build a security-first culture, ensuring everyone in your organisation prioritises information protection. It also supports managing information security risks across your entire supply chain, including external partners and suppliers. Well-defined processes are emphasised, making it easier to maintain compliance and continuously improve your information security management system.
“Alan’s expertise was central to guiding our company to achieve ISO 27001 and ISO 9001 certifications, a testament to his profound knowledge and dedication.”
— Julian Longson, Pole Star Global
“Alan’s expertise in ISO 27001 allowed Oxipital AI to successfully implement an Information Security Management System in a right-sized and efficient manner for our start-up.”
— Erica Burns, Oxipital AI
Pricing
The full 90-day consultancy programme costs £2,216 + VAT, with flexible payment options:
A 20% discount applies for micro-organisations (3 or fewer employees).
Typical auditor fees for SMEs range from £2,500 to £6,500 (not included). Fees depend on the type of accreditation, the auditor, and the scope of the ISMS.
If your auditor identifies any nonconformities that prevent certification, I’ll work with you free of charge to resolve them and liaise with the auditor until you pass.
That’s how confident I am in this method.
What Happens Next
If you’re ready to get ISO 27001 certified quickly — without unnecessary consulting costs or confusion — the next step is simple.
Click below to book a discovery call. We’ll discuss your current position, timescales, and what’s needed to hit your client’s deadline with confidence.
I’m located in Berkshire, UK. But the service is based on video conference meetings.
Do you work with non-UK countries?
Yes. I’ve worked with many companies across the world (Europe, USA, New Zealand).
Why are the auditor costs ‘estimates’?
I don’t control the auditors, and they don’t control me – there must be a separation between the consultant and the auditor to avoid a conflict of interest. The auditors will quote based on a variety of factors, so the above costs are estimates based on smaller organisations with <100 staff.
Can you do a UKAS certification in 3 months?
Just about. UKAS-accredited auditors require approximately 3 months of evidence build-up before certification. However, this doesn’t stop you from engaging and then running your ISMS for several months before the audit.
Will it be you, or someone else, working with us?
Only me.
Your Rapid Path to ISO 27001
Get certified quickly, cleanly, and without overspending.
ISO 27001 certification isn’t about perfection on day one.
It’s about meeting the requirements, establishing a solid baseline, and building security maturity over time. The standard is based on continual improvement – and that starts with understanding your risks, not creating endless paperwork.
I’ll guide you through my tried-and-tested framework so you can tailor it to your needs.