ISO 27001 - Information Security Management System
ISO 27001 implementation and certification. Build an internationally recognized Information Security Management System (ISMS).
At a glance
ISO 27001 is an international certification that proves your company manages security in a serious and structured way. More and more clients and tenders require it. We guide you step by step toward certification.
Want to know more?
We accompany you from the initial analysis through to the certification audit. We identify risks, implement the necessary controls, and prepare all the documentation. The process typically takes 6-12 months depending on company complexity.
Why choose this service
Recognized certification
ISO 27001 is the international standard for information security, recognized by clients and partners worldwide.
Competitive advantage
More and more tenders and contracts require ISO 27001 certification. Having it opens new business opportunities.
Structured security
A well-implemented ISMS concretely reduces the risk of incidents and data breaches.
What is ISO 27001?
ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS). It defines the requirements for establishing, implementing, maintaining, and continually improving an information security management system.
Why get certified?
- Contractual requirement: more and more clients, especially public administration and large companies, require certification
- NIS2 compliance: ISO 27001 covers many NIS2 directive requirements
- Risk reduction: a mature ISMS reduces the likelihood and impact of incidents
- Trust: demonstrates to clients and partners your commitment to security
ISO 27001 structure
The standard consists of:
Management system requirements (clauses 4-10)
- Context of the organization
- Leadership and commitment
- Planning (risk assessment)
- Support (resources, competencies, communication)
- Operational activities
- Performance evaluation
- Continual improvement
Security controls (Annex A)
93 controls organized into 4 themes:
- Organizational (37 controls): policies, roles, asset management, access control
- People (8 controls): screening, awareness, disciplinary
- Physical (14 controls): perimeters, access, equipment
- Technological (34 controls): endpoint, network, encryption, backup
Our approach
Gap Analysis
Assessment of current status against ISO 27001 requirements, gap identification, effort estimate for certification.
Scope Definition
Identification of the certification perimeter, context analysis, stakeholder mapping, and requirements.
Risk Assessment
Asset, threat, and vulnerability identification. Risk evaluation and treatment plan definition.
Implementation
Controls implementation, policy and procedure drafting, staff training, Statement of Applicability.
Internal Audit
Pre-certification compliance verification, non-conformity identification, corrective actions.
Certification
Support during the certification audit (Stage 1 and Stage 2), management of any findings, certificate issuance.
ISO 27001 and other regulations
| Regulation | Synergy with ISO 27001 |
|---|---|
| NIS2 | ISO 27001 satisfies most NIS2 requirements |
| GDPR | ISO 27001 controls also protect personal data |
| ISO 22301 | Integration with business continuity for a complete management system |
Deliverables
During the project you will receive:
- Gap analysis report with current status and roadmap
- Complete risk assessment with treatment plan
- ISMS documentation: policies, procedures, operational instructions
- Statement of Applicability (SoA)
- Internal audit support and certification
Typical timeline
| Phase | Duration |
|---|---|
| Gap analysis | 2-4 weeks |
| Implementation | 3-6 months |
| Internal audit | 2 weeks |
| Certification | 1-2 months |
Total: 6-12 months for certification, based on complexity and initial maturity.
Why Ekados
- Practical experience: not just theory, but concrete implementation
- Integrated approach: we combine ISO 27001 with NIS2, GDPR, and other regulations
- Certified team: auditors and consultants with experience in ISO standards
- Post-certification support: periodic internal audits and ISMS maintenance
Other services Cybersecurity & NIS2
Discover our other cybersecurity & nis2 services.
NIS2 Assessment & Roadmap
Gap analysis and roadmap for NIS2 compliance. Identify vulnerabilities and get a concrete plan before the October 2026 deadline.
Vulnerability Assessment & Penetration Test
Infrastructure scanning and intrusion testing to identify vulnerabilities before attackers do.
Managed Detection & Response (MDR)
24/7 monitoring of your infrastructure with immediate incident response. Your outsourced SOC.
vCISO - CISO as a Service
A dedicated information security officer for your company, without the costs of a full-time hire.
Security Awareness Training
Anti-phishing training for your employees. 90% of attacks start with an email.
GDPR Compliance
Assessment, alignment, and maintenance of GDPR compliance. Personal data protection, DPO as a Service, and privacy training.
ISO 22301 - Business Continuity Management
ISO 22301 implementation and certification. Ensure your company's operational continuity in case of incidents, disasters, or crises.
Ready to get started?
Contact us for a free consultation. We will help you find the best solution for your business.