Start your journey to achieving ISO 27001:2022 with a comprehensive gap analysis against the new ISO 27002:2022 controls.
Identify areas that need addressing to help you certify to ISO 27001:2022.
Receive a clear report of conformity against each new control.
Delivered by our team of certified and experienced ISO lead auditors.
Receive expert support and optional extras to aid your compliance journey.
ISO 27002 was updated in February 2022. The new controls highlighted within ISO 27002:2022 are now referenced in Annex A of the new version of ISO 27001, which was published in October 2022.
This means organisations that currently use Annex A controls will be required to update their Information Security Management System (ISMS) taking into account the new controls prior to being assessed against ISO 27001:2022.
For organisations certified against ISO 27001:2013, an ISO 27002:2022 Gap Analysis will assess your compliance against the new control set and help you identify where your current ISMS fails to meet the requirements and what needs to be implemented to help you achieve 27001:2022 certification.
In ISO 27002:2022, the number of controls has decreased from 114 to 93. These controls are then categorised into four themes:
24 existing controls have been merged, 58 updated and there are now 11 new controls to reflect the current cyber security landscape. These include:
Ensure your organisation is ready to move to ISO 27001:2022 with the help of an ISO 27002 Controls Gap Analysis:
Our team of certified and experienced consultants help organisations of all sizes monitor and manage their information security. We understand that each organisation has unique processes and procedures, so we’ll work with you to understand your ISMS and provide appropriate advice on how you can easily address any areas of non-conformity.
We also offer additional solutions such as penetration testing, 24/7 security monitoring and assistance with other compliance engagements such as the GDPR and Cyber Essentials.
ISO 27001 compliance has helped us improve our security investment and build credibility with our global client base, as well as enabled us to successfully win UK Government procurement contracts. Bulletproof made the whole process easy and effortless from start to finish, strengthening our information security and improving our position in the industry.
ISO 27002 is the set of technical controls which is referenced in Annex A of ISO 27001. It explains each of the controls in more detail and provides information on what the control is, what the objective of the control is and how to implement it. Consider it as the user manual for the controls.
Not yet, but you will eventually. Once the new version of ISO 27001 comes out (which is expected in the autumn of 2022) this will reference the new ISO 27002:2022 controls. It is widely expected that organisations will have two years from the date of the publication of the new ISO 27001:2022 to achieve certification against the new standard, however this is yet to be confirmed.
There are 93 controls in 27002:2022, in comparison to the 114 controls in 27002:2013. In 27002:2013, controls were broken into 14 control sets. With 27002:2022, the structure has been changed to group the controls by four themes: People (8 controls), Organisational (37 controls), Technological (34 controls) and Physical (14 controls).
ISO 27002:2022 has also introduced 11 new controls which cover:
24 controls have been merged from two, three, or more controls from the 2013 version, thus reducing the overall number of controls in the 2022 version.