ISO/IEC 27001:2022 · Information Security
Achieve ISO 27001 certification — with the controls done for you
ISO 27001 is the international standard for information security and the badge enterprise clients and tenders increasingly demand. We build the management system, implement the technical controls and get you audit-ready — then keep it alive between audits.
Overview
What is ISO 27001?
ISO/IEC 27001 is the international standard for an Information Security Management System (ISMS). The current version is ISO/IEC 27001:2022 — the 2013 edition was retired on 31 October 2025. It combines mandatory management-system requirements in Clauses 4–10 with Annex A: a menu of 93 controls across four themes — Organisational (37), People (8), Physical (14) and Technological (34). You select the controls that fit your risks and justify them in a Statement of Applicability (SoA). Certification is awarded by an independent, accredited body through a two-stage audit — a Stage 1 documentation review and a Stage 2 implementation audit — and lasts three years with annual surveillance audits.
The mapping
How our Cyber Resilience Programme meets ISO 27001
We cover the mandatory ISMS clauses and the four Annex A control themes.
| Requirement | How Foresight delivers it |
|---|---|
| Clauses 4–10 — the ISMS itself | We run the risk assessment, build your Statement of Applicability, set up the ISMS and establish the internal-audit and management-review cadence. |
| Organisational controls (A.5 · 37) | Policy templates, supplier security reviews, Microsoft 365 and cloud hardening, threat-intelligence feeds and incident management. |
| People controls (A.6 · 8) | Security-awareness training and robust joiner, mover and leaver access processes. |
| Physical controls (A.7 · 14) | Guidance on physical access and monitoring, plus device-level protection and secure configuration. |
| Technological controls (A.8 · 34) | MFA and Microsoft Entra, managed firewalls, endpoint EDR, patching, Microsoft Sentinel logging, immutable backups, web and mail filtering and secure configuration. |
ISO 27001 certification is awarded by an independent, UKAS-accredited certification body following Stage 1 and Stage 2 audits. Foresight prepares you to pass and manages the technical controls — we are your implementation partner, not the certification body.
Speed
How quickly can you certify?
Weeks 1–2 · Scope & gap analysis
We define the ISMS scope and assess you against Clauses 4–10 and the 93 Annex A controls.
Weeks 2–8 · Build & implement
Risk assessment, Statement of Applicability, policies and the technical controls.
Weeks 6–12 · Internal audit & review
We run an internal audit and management review and gather the evidence auditors expect.
Stage 1 & Stage 2 · Certification
Your accredited body audits the ISMS and issues the certificate.
Most organisations certify within 3–6 months.
The exact timeline depends on your size, complexity and current maturity — and if you already hold Cyber Essentials Plus, you have a head start. After certification, annual surveillance keeps it live.
Why Foresight
Experts who keep it running
Plenty of consultants get you the certificate then disappear. As your managed IT and security partner we operate the controls day-to-day — so your ISMS stays effective between audits, not just on audit day. We are Cyber Essentials Plus certified ourselves, with a dedicated Cyber Lead in Saad Gul.
In practice
Typical engagements
SaaS / software supplier
Needed ISO 27001 to win enterprise contracts. We built the ISMS and controls and they passed Stage 2 first time.
Professional-services firm
Tired of failing client security questionnaires — ISO 27001 turned security into a sales advantage.
Already Cyber Essentials Plus
We mapped existing controls up into the ISO 27001 framework, cutting the work needed to certify.
Make ISO 27001 your competitive advantage
Talk to our team for a free, no-obligation gap review. We will show you exactly where you stand and how quickly we can close the gaps.
Book a free consultation