INTERNATIONAL STANDARD

ISO 27001:2022

The global benchmark for Information Security Management Systems (ISMS).
Demonstrate to enterprise clients that you manage data security holistically.

What is it?

ISO 27001 is not just about IT security; it is about business risk management. It requires you to build an Information Security Management System (ISMS) – a set of policies, procedures, and controls to manage information risks (people, processes, and technology).

Why do you need it?

For many UK and EU enterprises, ISO 27001 is a “license to trade.” It is often the first question on any vendor security questionnaire.

The Pathway to Certification

A typical 6-9 month journey managed by Cloudgap.

1. Gap Analysis

We assess your current practices against the 93 Annex A controls to find immediate deficiencies.

2. ISMS Design

We draft your core policies (Access Control, HR Security, etc.) and define your Scope and Statement of Applicability (SoA).

3. Internal Audit

A mandatory "dry run" where we audit your system to ensure it meets the standard before the external auditor arrives.

4. Stage 1 & 2 Audit

We support you through the Document Review (Stage 1) and Evidence Review (Stage 2) with the external certification body.