The Certification your Next Customer is waiting for.

Know exactly what it will take — before you commit.

Most companies jump into a 6-12 month ISO 27001 implementation without knowing where they stand, what gaps need closing, or what it will really cost.

Don't commit blindly. Get the full picture first.

YOUR INVESTOR OR COMPLIANCE-DRIVEN BUYERS WANT ISO 27001 CERTIFICATION

What you need to know first:

  • Where you actually stand today

  • What gaps need to be closed

  • How much work is really involved

  • What it will cost in time, money, and resources.


IS THIS RIGHT FOR YOU?

This service is for companies that:

✓ Have a real deadline: Investor requirement, customer contract, or partnership driving certification (i.e., not "nice to have")

✓ Are 30-200 employees: Scaling but no dedicated security team

✓ Sell to compliance-driven buyers: Fortune 500, regulated industries, or companies that require certification

✓ Want hands-on support: Not just advisory — actual implementation help

✓ Are ready to commit: This takes 5-8 months of focused effort.

We achieved one-hundred percent ISO readiness, and to a large extent, I could lean back and watch you drive it.
— Anton, Head of Development, 50 people SaaS Company

WHERE ARE YOU ON YOUR COMPLIANCE JOURNEY?

  • You bought the tool. You started the work. But between policies, evidence collection, and the audit timeline, momentum stalled. You're not alone — this is the most common scenario we see.

    We help you finish what you started. Bring your existing platform — we'll get you audit-ready in 90-120 days.


  • No GRC platform yet? We offer a complete compliance package: vCISO guidance, market-leading GRC platform included, and hands-on implementation support. One partner, one monthly fee, certified in 6-8 months.


The true cost of DIY ISO 27001

Most companies underestimate by 3-5x.


OUR APPROACH:

TWO PHASES. COMPLETE CLARITY. NO SURPRISES.

GAP ANALYSIS

Know exactly what you're signing up for.

Investment: From €2,500*

Timeline: 5-7 business days

What's included:

Current State Assessment: Complete review of your existing policies, procedures, and controls. 4-5 hours of stakeholder interviews across IT, HR, and management.

Control-by-Control Gap Analysis: All 93 Annex A controls mapped to your current state: Implemented / Partially Implemented / Missing / Not Applicable

Certification Roadmap: Realistic timeline based on YOUR starting point, resource requirements, and dependencies. Clear ownership for each action.

Three scenarios: DIY/Hybrid/Full-Service

Budget Planning: Honest assessment of what certification will require.

After the Gap Analysis, you can:

  • Proceed with our Compliance Lead service

  • Implement yourself with our roadmap

  • Use another provider

  • Make a fully informed decision

No hidden costs, no surprises later.

(*) Based on: company size, starting point, and existing controls.

COMPLIANCE LEAD

Hands-on implementation until you're audit-ready.

Investment: €4,500/month

Typical duration: 6-8 months (depends on starting point). This is not advisory; it's a hands-on implementation.

What's included:

✓ Policy Development: We write the policies, procedures, and documentation you need: not templates, actual policies tailored to your business

✓ Control Implementation: Guidance, technical and organizational control deployment. Evidence gathering and documentation.

✓ GRC Platform Setup (if applicable): Drata or Vanta implementation and configuration. Automated evidence collection.

✓ Audit Preparation: Pre-audit readiness assessment. Auditor selection guidance. Support during Stage 1 and Stage 2 audits.

✓ Ongoing Support: Weekly status calls, Slack access for questions.

We're with you until you pass. The engagement ends when you get certified. Clear end point.

You already bought your GRC platform? We help you get certified.

Compliance Tools Implementation Service

€3,500/month (retainer)

  • Deliverables: Policy customization, control implementation, evidence collection, audit prep

  • Typical Timeline: 3-5 months to certification-ready status

We are an official Drata & Vanta Implementation Partner.

TURN SECURITY FROM A SALES BLOCKER INTO A COMPETITIVE ADVANTAGE

1. Close Enterprise Deals Faster

Stop losing deals to security questionnaires. We help you build the posture that your compliance-driven buyers require — ISO 27001, SOC 2, and beyond.

2. Pass Investor Due Diligence

VCs are scrutinizing security like never before. We ensure your security program demonstrates maturity, not just checkboxes, so that you can focus on your pitch.

3. Build the Foundation for Scale

Get certified the first time properly. We build security programs that pass audits and scale with you from 50 to 200+ employees.

HOW IT WORKS

1. Assess (Week 1-2)

Free consultation to understand your situation. If we're a fit, we conduct a gap analysis to identify exactly where you stand and what it takes to get certified.

2. Implement (Months 1-6)

Hands-on work alongside your team. Policies, controls, evidence collection, and remediation. We do the heavy lifting as we build your internal capability.

3. Certify (Months 5-8)

Audit preparation, certification body selection, and support through the audit itself. You get the certificate; we handle the complexity.

4. Scale (Ongoing)

Certification is the beginning, not the end. We help you maintain compliance, handle surveillance audits, and evolve your program as you grow.

Most of our vCISO clients started with a Compliance Lead engagement. When certification is done, we already know your environment inside out, which makes ongoing security leadership far more effective than starting from scratch with a new provider.

Your Path to ISO 27001

Typical Starting Points (Gap Analysis + Compliance Lead = Total Investment):

  • Already SOC 2 certified? €2,500 + 4-5 months = €20,500 - €25,000

  • Starting from scratch? €3,500 + 6-8 months = €30,500 - €39,500
Compare to:

  • DIY: €150K - 300K (internal time + vendor upgrades + 12+ months)

  • Big 4 consulting: €50-100K+ (junior consultants, 9-12 months)

Our approach: 70-90% savings vs DIY, senior expertise, 5-8 months.

WHAT HAPPENS AFTER THE CERTIFICATION?

The ISO 27001 certification is just the beginning of a journey:

"We are still working on it as we need to show major improvements every year in renewal audits to retain the certificate."
— 50-employee SaaS

"Questionnaires dropped from 100-500 to 10-50 questions after certification. But they didn't stop."
— Series B Company

Certification is the start, not the finish line.

Most certified companies discover two things quickly: enterprise customers still send security questionnaires — just more specific ones. And annual renewal audits require demonstrating continuous improvement, not just maintaining the status quo.

We offer two ways to support you after certification:

Still getting questionnaires? Our Questionnaire Service handles them in 3–5 business days so your CTO can focus on growth.

Need ongoing security leadership? Our vCISO Service provides strategic guidance through renewals, vendor risk, and scaling your program.

FAQs

  • No. We need to understand your starting point to give you an accurate timeline and identify gaps. The Gap Analysis is required.

  • Great — we'll work with your existing platform. Many clients come to us after buying a GRC tool and realizing the tool is only 30% of the work.

  • We can't guarantee audit outcomes (that's up to the auditor), but we have a 100% track record of getting clients to certification when they follow the process.

  • The retainer continues month-to-month until certification. We're incentivized to get you certified efficiently — the engagement ends when you pass.

  • Yes. The Compliance Lead service covers both ISO 27001 and SOC2. If you need both, we can do them in parallel or sequence.

  • Gap Analysis is a one-time engagement. Compliance Lead has a 3-month practical minimum — that's the shortest timeframe to make meaningful progress.

  • Every company's starting point is different. A fixed fee either overcharges companies that are further along, or loses money on companies starting from zero. Monthly retainer aligns our incentives — we get you certified as efficiently as possible.

READY TO UNDERSTAND YOUR PATH TO ISO 27001?

Book a 30-minute discovery call to discuss your situation.