Information Security & ISO 27001
Practical, audit-ready ISO 27001 implementation — designed to reduce real risk, streamline evidence, and pass certification with confidence.
Most clients start with an ISO 27001 Readiness Assessment (typically 1–2 weeks) to confirm gaps, scope, and a clear roadmap.
Our Information Security and ISO 27001 Services
ISO 27001 Readiness & Gap Assessment
Rapid assessment of scope, ISMS maturity, Annex A coverage, and evidence readiness.
Deliverables: gap report, risk themes, quick wins, implementation roadmap
Typical duration: 1–2 weeks
ISMS Design (Scope, Context, Governance)
Define ISMS scope, boundaries, roles, governance, and leadership control to make audits smooth.
Deliverables: scope statement, ISMS governance/RACI, policy framework, KPI cadence
Typical duration: 1–3 weeks
Risk Assessment & Treatment
Build a defensible risk method, run risk workshops, and produce actionable risk treatment plans.
Deliverables: risk methodology, risk register, treatment plan, residual risk sign-off pack
Typical duration: 2–4 weeks
Statement of Applicability (SoA) & Annex A Mapping
Create a clean, audit-friendly SoA with clear applicability logic and evidence pointers.
Deliverables: SoA, control mapping, evidence index, implementation tracker
Typical duration: 1–2 weeks
Policies, Standards & Procedures
Build a lean, usable documentation set (not shelfware) aligned to your operating model.
Deliverables: policy suite, key procedures, templates, document control approach
Typical duration: 2–6 weeks (depending on scope)
Internal Audit & Management Review
Independent assurance before certification: findings, corrective actions, and management review inputs.
Deliverables: audit plan, audit report, NCs/observations, corrective action tracker, MR pack
Typical duration: 1–2 weeks
Supplier & Third-Party Risk
Strengthen vendor due diligence, security clauses, and ongoing assurance for critical suppliers.
Deliverables: supplier risk model, due diligence pack, contract clauses, tiered assurance plan
Typical duration: 2–4 weeks
Certification Support (Stage 1 & Stage 2)
Hands-on support to organise evidence, coach process owners, and close audit findings fast.
Deliverables: audit evidence pack, interview coaching, audit attendance, closure support
Typical duration: 2–6 weeks (around audit window)
How We Deliver
A structured approach that builds a usable ISMS, not paperwork — and creates clean evidence for auditors.
Define
Agree scope, context, interested parties, governance, and an audit-ready plan.
Assess
Run risk assessment, identify gaps, prioritise controls, and confirm SoA direction.
Implement
Deploy policies/procedures, embed controls, and build a clean evidence structure.
Assure
Internal audit, management review, pre-cert checks, and certification support.
Why Infintrix?
ISO 27001 Lead Implementer–Led
Delivered by experienced practitioners who focus on usable controls and clean evidence.
Practical, Not Paperwork
Lean documentation and real operating controls — designed to work in the business.
Integrated with BCM & Resilience
Where needed, we align ISO 27001 with BCM/ITDR and operational resilience priorities.
Fast Path to Certification
Clear roadmap, evidence structure, and audit coaching to reduce surprises at Stage 1/2.