Information Security Management
ISO 27001 Consultancy: Get Certified in 90 Days
Get ISO 27001 Certified – Fast
Your enterprise client just asked you if you are ISO 27001 certified. You need to get there fast — without the chaos.
I provide hands-on ISO 27001 consultancy for SMEs across the UK, EU, USA and beyond. Fully remote delivery, fixed fee, with a first-pass guarantee built in.

First Pass Guarantee · UK-Based, Remote-First · Templates Included · 30-Day 100% Credit Upgrades
THE PROCESS
How the Consultancy Works
My ISO 27001 consultancy is structured around five focused sessions — covering everything from initial scoping to pre-audit readiness.
I’ll guide you through the standard as we go, tailoring everything to your organisation.
Between sessions, you’ll adapt my templates for that section, working at your own pace. Most organisations complete the process in 8–12 weeks.
1. Kick-Off & Scope Review
We start by exploring the major components and setting the foundational governance.
What we’ll cover:
- Define your ISO 27001 scope
- Review any existing policies and documents
- Assess your organisation’s context (scope)
- Define an Information Security Policy
- Capture roles & responsibilities
- Walk through leadership’s role and capture some objectives
- Agree on your project plan and certification timeline
By the end, you’ll have a clear plan and full understanding of what’s required — no guesswork, no confusion. The process is tailored to your organisation’s specific needs, ensuring relevance and effectiveness.
2. Risk Review Session
Next, we identify and address your biggest information security risks. This step helps you manage information security risks by taking a risk-based approach to protecting your organisation’s information assets.
We’ll:
- Create or review your risk assessment method
- Identify key risks (suppliers, ransomware, outages, cyber attacks, etc.), including threats to information assets, sensitive data, and confidential information
- Build your risk treatment plan
- Review and align with Clause 6: Planning
3. Statement of Applicability (SoA)
This is where we map your controls against Annex A’s 93 controls. Aligning your approach with the ISO standard ensures your information security management system meets international best practices.
We’ll:
- Review the controls that apply to your business, including all relevant information security controls
- Clarify inclusions and justified exclusions
- Finalise your Statement of Applicability using my proven template
- Integrate Clause 7 (Support) and Clause 8 (Operation)
4. Performance & Improvement Session
Here we bring everything together and show how your ISMS performs in practice.
We’ll cover:
- Key performance metrics and audit evidence
- Internal audit planning and sample audit records
- How to run an effective management review
- Clause 9 (Performance Evaluation) and Clause 10 (Improvement)
- The role of regular audits and annual surveillance audits in ongoing compliance and continual improvement
5. Final Readiness Check
The final session is a mock audit walkthrough. We check everything your accredited certification body will look for during the certification audit, ensuring you are fully prepared for this crucial step.
We’ll verify:
- All mandatory ISO 27001 documents are complete
- Evidence of implementation exists
- Any nonconformities have been resolved
- You’re confident in answering typical auditor questions
- You can demonstrate compliance with the international standard
This session mirrors the auditor’s perspective, so there are no surprises when your assessment begins.
Consultancy Pricing
The full 90-day consultancy programme costs £3,500 + VAT, with flexible payment options:
No discount, maximum flexibility.
A 20% discount for micro-organisations (3 or fewer employees).
Typical auditor fees for SMEs range from £2,500 to £6,500 (not included). Fees depend on the type of accreditation, the auditor, and the scope of the ISMS.
GUARANTEES
Engage with confidence
My approach is tried and tested. If you follow it, you will pass.
Cancel any time for a refund.
If, for any reason, the approach isn’t for you, you can walk away.
If you choose not to continue, I’ll refund a pro-rata amount based on the sessions remaining — so you only ever pay for what you’ve used.
E.g. 2 out of 5 sessions taken = 60% refund
Pass or I fix it for free.
I stand behind this process completely.
If your auditor identifies any nonconformities that prevent certification, I’ll work with you free of charge to resolve them and liaise with the auditor until you pass.
That’s how confident I am in this method.
Who This Consultancy Is For
This programme is designed specifically for small to medium-sized B2B tech companies, SaaS providers, and startups:
- Organisations with up to 250 people
- Those able to make changes quickly
- Teams that have 5 hours a week to work on it
Who It’s Not For
- Larger enterprises > 250 staff
- Organisations that struggle with fast-paced change
Why This Approach Works
Traditional consultancy can drag on for six months or more and cost tens of thousands. My approach is different.
My 90-day model focuses on Minimal Viable Compliance — the minimum needed to pass your first audit and lay a solid foundation for continuous improvement later. This programme is a cost-effective solution designed to streamline your ISO 27001 journey.
You’ll benefit from:
- Structured checkpoints
- Plain-English guidance
- Begin Hands-on
- Expert support
- Save valuable time
- Proven templates and policies
- A pass guarantee
What You Get
When you engage my ISO 27001 in 90 Days consultancy service, you’ll receive a programme designed for a broad range of organisations:
✅ Five private 1-to-1 checkpoint sessions (Zoom or Teams)
✅ All mandatory ISO 27001 templates and examples
✅ Unlimited email support between sessions
✅ Expert guidance throughout the entire process
✅ Ongoing support to help maintain compliance, including regular check-ins and advice
✅ Access for up to 3 users to my ISO 27001 online course
✅ A list of trusted, low-cost UK auditors
✅ A pass guarantee — if you don’t pass, I’ll help fix it for free
You stay in control — book sessions at your own pace, work flexibly around your team, and maintain ownership of your system.
How Fast Can You Really Get Certified?
The quickest any client has been certified is 20 days, for a non-accredited certificate. For an accredited UKAS certification, it’s 68 days. I recommend that most target 90 days to be ready for the audit.
Here’s a realistic example timeline:
| Week | Milestone |
|---|---|
| Week 1 | Kick-Off & Scope Review |
| Week 2–3 | Risk Review |
| Week 4–5 | Statement of Applicability |
| Week 6–7 | Performance & Improvement |
| Week 8–9 | Final Readiness Check |
| Week 10–12 | Audit with Certification Body |
This process leverages a deep understanding of ISO/IEC 27001, ensuring each step aligns with best practices for managing and auditing your ISMS.
Some clients complete faster; others take slightly longer, depending on resource availability. But the structure ensures continuous progress — and certification within 90 days is absolutely achievable. The programme also helps organisations adapt to new technologies, supporting compliance and security throughout their certification journey.
Why UK SMEs Choose Independent ISO 27001 Consultancy
Small businesses often find ISO 27001 guidance written for large corporations — full of unnecessary complexity and expense. As an independent ISO 27001 consultant working exclusively with SMEs, I focus on what actually matters to pass the audit.
It works because:
- I work personally with every client. You won’t be handed off to a junior consultant or an offshore team.
- You get a clear, practical plan instead of abstract theory
- The ISMS is right-sized — no bloated documentation
- You stay audit-focused from day one
- You build understanding and ownership as you go
- It costs a fraction of traditional consultancy
Optional Add-On: Internal Audit
ISO 27001 requires an internal audit before certification. A risk-based internal audit is included as standard in the programme — covering key clauses and a selection of Annex A controls.
If you want more thorough coverage, the full audit upgrade is available:
| Option | What’s Covered | Price |
|---|---|---|
| Risk-based audit | Key clauses + selection of controls | Included |
| Full audit upgrade | Every clause + all 93 controls | +£1,500 + VAT |
Deliverables include an internal audit programme and method, a formal audit report, and a detailed list of findings and recommendations.
The normal rate for a standalone internal audit is £2,500.
What Happens Next
If you’re ready to get ISO 27001 certified quickly — without unnecessary consulting costs or confusion — the next step is simple.
Click below to book a discovery call. We’ll discuss your current position, timescales, and what’s needed to hit your client’s deadline with confidence.
Working With UK and International Clients
My ISO 27001 consultancy is based in the UK and delivered entirely remotely via Zoom or Microsoft Teams. I work regularly with organisations across London and the South East, as well as clients throughout the UK, Europe, USA, and beyond.
If you’re based in London or elsewhere in the UK and need ISO 27001 consultancy that fits around your team rather than the other way around, remote delivery means there’s no compromise on quality — and no travel costs inflating your bill.
FAQs
Where are you based?
I’m located in the UK, but the service is frequently delivered over video meetings.
Do you work with non-UK organisations?
Yes. I’ve worked with many companies across the world (Europe, USA, New Zealand).
Why are the auditor costs ‘estimates’?
I don’t control the auditors, and they don’t control me – there must be a separation between the consultant and the auditor to avoid a conflict of interest. The auditors will quote based on a variety of factors, so the above costs are estimates based on smaller organisations with <100 staff.
Can you do a UKAS certification in 3 months?
Just about. UKAS-accredited auditors require approximately 3 months of evidence build-up before certification. However, this doesn’t stop you from engaging and then running your ISMS for several months before the audit.
Will it be you, or someone else, working with us?
I personally work with every client and don’t hand you off to someone else.
Do you offer ISO 27001 consultancy in London?
Yes — although I’m based outside London, all consultancy is delivered remotely, which means London-based organisations get exactly the same service without the day-rate premium that comes with in-person consultancy. I work with several London and South East clients each year.
Your Rapid Path to ISO 27001
Get certified quickly, cleanly, and without overspending on consultancy fees.
ISO 27001 certification isn’t about perfection on day one.
It’s about meeting the requirements, establishing a solid baseline, and building security maturity over time. I’ll guide you through my tried-and-tested consultancy framework so you can tailor it to your organisation’s needs.
