ISO/IEC 27001:2022 · MSSP

ISO 27001 certified
in 14 weeks.
Without the drama.

A boutique MSSP led by senior practitioners — guiding ambitious organisations from first gap analysis to Stage 2 certification, with a 100% first-attempt pass rate across 47 clients.


Trusted by 47+ organisations across FinTech, LegalTech & Healthcare — 100% first-attempt certification rate.
UKAS-aligned · Senior-led · NDA by default
Financial Services · LegalTech · Healthcare · SaaS · Government · Private Equity · MSPs · Insurance
The DR.ISO method

We are the doctors of ISO 27001.

Our practice borrows its discipline from medicine: a thorough diagnosis, a precise prescription, a steady treatment, and ongoing aftercare. Your information security is treated with the same rigour a consultant physician brings to a patient.

"Primum non nocere — first, do no harm."
A principle we extend to your business
Diagnosis

Examine

A forensic check-up of every control, policy and risk vector — no symptom overlooked.

Prescription

Prescribe

A treatment plan calibrated to your operating model. No templated dosage.

Treatment

Implement

Controls administered with care alongside your teams. Side-effects monitored.

Aftercare

Sustain

Surveillance audits and vital-sign metrics — a healthy ISMS, year after year.

ISMS vital signs
  • 100% first-attempt certification rate
  • 14 weeks median time to Stage 2
  • 47 certified clients across 9 sectors
  • 22y average lead consultant tenure
Practice areas

End-to-end ISO 27001 certification, delivered with quiet precision.

Every partnership is led by a senior practitioner. No account managers, no pass-offs, no templated deliverables masquerading as strategy.

Readiness & Gap Analysis

A forensic assessment of your current posture against all 93 Annex A controls and the 2022 revisions.

ISMS Design & Documentation

Bespoke policies, risk register and Statement of Applicability — engineered, never templated.

Control Implementation

Hands-on deployment of technical and organisational controls with your teams, not around them.

Internal Audit & Training

Staff awareness, executive briefings and internal audits that rehearse you for certification.

Stage 1 & Stage 2 Support

We stand beside you in the certification audit. No surprises. No theatre.

Continual Improvement

Surveillance audits, metrics, and a living ISMS that earns its keep year after year.

The journey

Six deliberate steps to certification.

A median client reaches Stage 2 in fourteen weeks. Your pace, not ours — but always moving.

01 · Discovery

A confidential conversation. We map your scope, assets, and ambitions.

02 · Gap Analysis

A forensic baseline against ISO/IEC 27001:2022 and its 93 controls.

03 · Risk & Design

Risk assessment, treatment plan, and an ISMS tailored to how you actually work.

04 · Implementation

Controls deployed with your teams. Evidence captured as you go.

05 · Internal Audit

We rehearse the certification audit. You walk in prepared, not hopeful.

06 · Certification

Stage 1 and Stage 2 with accredited bodies — and a three-year partnership beyond.

Why boutique matters

Not all certification partners are equal.

The usual approach
  • Junior consultants delivering templated artefacts
  • Policies bolted on, never embedded
  • Hand-offs across opaque delivery teams
  • Audit-day surprises you pay to resolve
  • Certificate on the wall, risk still in the business
The DR.ISO way
  • One senior lead, accountable end to end
  • An ISMS designed around your operating model
  • Deliverables your engineers and board both respect
  • Rehearsed audits — you walk in prepared
  • A living programme that compounds over three years
"DR.ISO certified us in thirteen weeks without once disrupting the business. What they actually delivered was something rarer than a certificate — genuine confidence in our security posture."
Chief Information Officer · FTSE-listed FinTech
By invitation · By referral

Certification is a decision.
Excellence is a discipline.

We accept a small number of new partnerships each quarter. If ISO 27001:2022 is on your board agenda, let's begin with a conversation.