ISO 27001 audits delivered by certified auditors

Qualified experts

Qualified experts

Your implementation service will be delivered by certified ISO 27001 consultants with years of experience.

Get ISO certified

Get ISO certified

Achieve ISO 27001 certification using our tried and tested process that has a 100% success rate.

Flexible delivery

Flexible delivery

We’ll work around your schedule to minimise disruption to your everyday business activities.

End to end support

End to end support

Experience a seamless, end-to-end consultancy service from the initial kick-off to certification.

A comprehensive ISO 27001 implementation service

During your ISO 27001 implementation project we will guide you through all of the necessary deliverables to get your business certification-ready:

ISMS and business contextISMS and business context

Understanding the scope of your ISMS and business context

This is a critical first step and helps us to define the boundaries, subjects and objectives of your information security management system (ISMS). We will work closely with you to build this solid foundation that will direct the rest of the implementation project.

Risk assessments and Risk Management FrameworkRisk assessments and Risk Management Framework

Risk assessments and Risk Management Framework (RFM)

We assist you in developing a Risk Management Framework that is relevant to your business and meets the requirements of ISO 27001. We use this to conduct a risk assessment and develop a risk treatment plan. Once this is complete, we will help you build your Statement of Applicability.

Establishing policies at BulletproofEstablishing policies at Bulletproof

Establishing policies, procedures and documentation

We work with you to develop a set of customised policies, procedures and documentation that fit your business whilst ensuring that the requirements of ISO 27001 are met. We help to create a document set that is both manageable and tailored to the resources you have available, reducing any unnecessary paperwork.

Information security awareness trainingInformation security awareness training

Information security awareness training

We deliver security training sessions for staff at all levels within the business to ensure that everyone has a working knowledge of the ISMS and how it applies to them.

Internal auditingInternal auditing

Internal auditing

We conduct a comprehensive internal audit prior to the external certification body audit to ensure that you meet the requirements of the standard and are ready for ISO certification. We can also make time available to support you during your stage 1 and stage 2 certification body audit.

Regular project updatesRegular project updates

Regular project updates

We help you track and monitor your progress and address any challenges at each stage of the project to help you move forward. We can also assist you with any questions you have about ISO 27001.


GDPR compliance staff at BulletproofGDPR compliance staff at Bulletproof

Why choose Bulletproof?

Our consultancy division consists of highly experienced consultants and information security experts. We help organisations of all sizes achieve and maintain ISO 27001 certification and our clients trust us to provide accurate, actionable guidance throughout their compliance journey.

Our lead implementors will guide and support you to achieve the requirements of the ISO 27001 management system clauses and Annex A controls, whilst providing a wealth of knowledge and expertise that will positively impact your overall security culture.


Here’s what our customers say about us

Start your ISO 27001 implementation journey today

If you are interested in our services, get a free, no obligation quote today by filling out the form below.

For more information about how we collect, process and retain your personal data, please see our privacy policy.


ISO 27001 implementation FAQs

How long does an ISO implementation project take?

The requirements of the ISO 27001 usually take small to medium-sized businesses several months to fully implement. Using a consultancy service will help keep you moving in the right direction, but the time it takes will depend on the resources and personnel available to you, the size and maturity of your business, and any standards you already meet.

Rest assured; all our work is quoted at a fixed price. Once the scope of work is defined and agreed upon, we will deliver regardless of the time it takes to complete the project.

What are the ISMS clauses?

Clauses 4-10 of the ISO 27001 refers to the Management System, which your business needs to action as a major part of the implementation process. This will be signed off as completed once you have met the conditions of the clauses which cover People, Organisational, Technological, and Physical.

What is Statement of Applicability in ISO 27001?

The Statement of Applicability (SoA) is a mandatory document that forms a central part of implementing the ISO 27001 standard, formally stating which Annex A controls are being put in place by the business. The SoA must give a clear indication of which controls are applicable, providing justification and evidence for any that are not used, for auditors to refer to.

Do you recommend certification bodies?

We do not recommend specific certification bodies, but we can suggest some UK Accreditation Service (UKAS) Accredited Organisations that we have worked with previously.

ISO implementation resources

Our experts are the ones to trust when it comes to your cyber security

CREST approvedCREST approvedCREST approved
Payment card industry data security standardPayment card industry data security standardPayment card industry data security standard
ISO 27001 certifiedISO 27001 certifiedISO 27001 certified
ISO 9001 certifiedISO 9001 certifiedISO 9001 certified
Government G-Cloud supplierGovernment G-Cloud supplierGovernment G-Cloud supplier
Crown commercial service supplierCrown commercial service supplierCrown commercial service supplier
Cyber EssentialsCyber EssentialsCyber Essentials
Cyber Essentials PlusCyber Essentials PlusCyber Essentials Plus