ISO 27001 / ISMS

Design and certification support for information security management systems.

About the service

ISO 27001 is the international standard for information security and is increasingly required in procurement and client relationships. We guide you from baseline assessment to certification.

An information security management system (ISMS) in accordance with ISO 27001 provides your organisation with a structured framework for protecting information. The standard is recognised globally and demonstrates to clients, partners, and authorities that you take information security seriously.

ISO 27001:2022 includes updated controls that reflect the current threat landscape — with a focus on cloud security, threat intelligence, and data protection. Certification requires systematic effort but delivers significant benefits in the form of strengthened trust and reduced risk.

Verit has extensive experience building management systems that not only pass certification audits but actually work in day-to-day operations. We tailor the effort to your organisation's size and maturity and ensure that security work becomes a natural part of your business.

Quick facts

Deliverables: 6 concrete deliverables
Process: 4 steps from start to result
Often combined with: NIS2, Risk Management, Training

Is this right for you?

Is ISO 27001 right for you?

ISO 27001 certification is relevant for all organisations that handle sensitive information, but especially for those facing requirements from clients, regulators, or procurement processes.

IT and technology companies
SaaS providers
Financial sector
Public sector
Management consultancies
Healthcare and e-health

Benefits

Why ISO 27001 with Verit

01

Structured security management

An ISMS gives you clear processes for risk management, incident management, and continuous improvement. Instead of ad hoc efforts, you gain a systematic approach that the entire organisation can follow.

02

Competitive advantage

An increasing number of clients and procurement bodies require ISO 27001 certification. The certificate demonstrates that you meet an international standard and opens doors in both public and private business.

03

Regulatory foundation

ISO 27001 provides a solid foundation for meeting requirements from NIS2, GDPR, and industry-specific regulations. The standard systematically covers the areas that most regulatory frameworks require.

Working method

Our process

1

Baseline assessment

We map your existing security measures, processes, and documentation against ISO 27001:2022. The result shows exactly what needs to be built or improved.

Duration: 2–3 weeks

2

Design & planning

We design your management system — scope, policies, risk methodology, and control structure. Everything is tailored to your business and existing processes.

Duration: 3–4 weeks

3

Implementation

Step by step, we implement the controls and processes required. We train key personnel and ensure that the system is embedded in the organisation.

Duration: 2–4 months

4

Internal audit & certification

We conduct the internal audit, support management review, and prepare you for the external certification audit.

Duration: 3–4 weeks

Securapilot

Run your ISMS with Securapilot

Securapilot gives you a tool for operating your ISMS after certification. Document management, risk register, and monitoring — all in one place.

  • SoA management with real-time control status
  • Document version control with approval workflows
  • Risk register with automated follow-up
  • Internal audit planning and nonconformity management

Results

What you get

  • Gap analysis report against ISO 27001:2022
  • ISMS documentation: policies, guidelines, and procedures
  • Risk assessment and risk treatment plan
  • Statement of Applicability (SoA)
  • Internal audit report
  • Support ahead of the external certification audit

Frequently asked questions

Questions & answers

How long does an ISO 27001 certification take?
A typical certification journey takes 4–8 months depending on the organisation's size and current maturity level. Smaller organisations with a limited IT environment can often achieve certification more quickly, while larger operations require more time.

What does it cost to become certified?
The cost varies based on the organisation's size, scope, and existing maturity. The largest investment lies in consulting support and internal staff time, plus the certification body's audit fee. We provide an estimate after the baseline assessment.

What is the difference between ISO 27001:2013 and 2022?
ISO 27001:2022 has restructured controls (from 114 to 93), new controls for cloud security, threat intelligence, and data masking, as well as a clearer focus on a risk-based approach. Existing certificates need to transition to the 2022 version.

Book an ISO 27001 review

We map your current state and develop a plan towards certification.
