ISO 27001 readiness and accompaniment

Gap analysis, remediation roadmap, and accompaniment through certification. Honest about effort, honest about timelines.

ISO 27001 certification is a long engagement done well and a frustrating engagement done badly. The most common mistake is treating the standard as a documentation exercise — write the policies, fill the templates, present them to the auditor.

Auditors increasingly ask whether the documented controls are actually operating. The shift in audit practice over the last five years has been measurable; certification bodies are pressing on operational evidence in ways they did not a decade ago. Documentation-heavy preparation passes the first surveillance audit and fails the third.

We work to deliver an information security management system (ISMS) that operates, not a binder of documents that exists. Our standard engagement runs through gap analysis, prioritised remediation, controls implementation accompaniment, internal audit, management review, and a certification readiness check. We work alongside your internal team rather than replacing them; the goal is that your organisation can sustain the ISMS after we have left.

We do not certify — that is the certification body's role, and we maintain explicit independence from any certification body to avoid conflict of interest. We work with the leading bodies operating in our region (DEKRA, BSI, TÜV) and can advise on selection based on your sector and the cultural fit your team will need to sustain a multi-year audit relationship.

Typical deliverables

  • Gap analysis against ISO 27001:2022 Annex A and the relevant Statement of Applicability (SoA)
  • Remediation roadmap with effort estimates per control
  • ISMS documentation set (policies, procedures, records) calibrated to your scope
  • Internal audit aligned with ISO 19011 guidance
  • Management review preparation and accompaniment through certification audit

Engagement model

Full ISO 27001 readiness engagements typically run nine to fifteen months from kick-off to certification audit. Shorter engagements are possible where the ISMS is already largely in place and we are accompanying through the audit phase only.

Get in touch

To discuss whether this service is a fit for your organisation, contact us at office@ellipseproject.com or use the contact form.