ISO/IEC 27001:2022 · ISMS · INFORMATION SECURITY

ISO 27001 Readiness: prepare your organization for information security certification

Complete ISMS implementation. From gap assessment to certification audit preparation. We prepare your organization — certification is issued by an independent accredited body.

Lead Auditor ISO/IEC 27001Lead Implementor ISO 27001

Start a conversation View security audit →

93Annex A Controls

72 hPreliminary diagnosis

5Certification phases

Fernando Arrieta en evento internacional de certificación ISO

"Certification is not the final goal — it is the evidence that your management system works."

Fernando Arrieta — Lead Auditor ISO/IEC 27001

Audience

Who needs ISO 27001 certification?

Organizations with international operations

More and more contracts require ISO 27001 as a prerequisite. Certification is increasingly a documented requirement in international supply chains.

Regulated organizations

Fintech, healthcare, government, and insurance companies need to demonstrate security controls to regulators and supervisory bodies.

Companies handling sensitive data

If you process personal, financial, or health data, ISO 27001 provides the framework to protect it and prove it.

Certification process

Preparation phases for ISO/IEC 27001 certification

Gap assessment

Evaluation of the current state vs. ISO 27001 requirements. Identifies what exists, what is missing, and where to start.

Risk analysis

Mapping of information assets, threats, vulnerabilities, and required controls based on your context.

ISMS implementation

Design of policies, procedures, controls, and roles. Operational documentation that is used, not archived.

Internal audit

Pre-certification verification: we detect findings and correct them before the external audit.

Certification audit preparation

Complete preparation: audit simulation, findings closure, and documentation ready for the independent certification body.

Deliverables

What you receive in the process

Gap Analysis Report

Detailed map of what you comply with and what is missing, prioritized by risk and effort.

ISMS Documentation

Policies, procedures, risk matrix, Statement of Applicability (SoA), and operational records.

Risk Treatment Plan

Selected Annex A controls with owners, deadlines, and verification criteria.

Internal Audit Report

Complete verification before certification. Corrected findings and documented evidence.

Certification Preparation

Audit simulation, management review, and non-conformity closure prior to the external audit.

Continuous Improvement Support

Post-implementation support to maintain and improve the ISMS. Surveillance and the certification cycle are the responsibility of the certification body.

FAQ

ISO 27001 Certification: frequently asked questions

How long does ISO 27001 certification take?

It depends on the size and maturity of the organization. On average, full implementation takes between 4 and 8 months. Organizations with mature processes can achieve it in 3 months. The preliminary diagnosis is delivered in 72 hours, allowing you to plan the timeline.

How much does ISO 27001 certification cost?

The cost varies depending on the scope, number of locations, and complexity of the organization. The consulting investment covers diagnosis, implementation, and preparation. The certification audit is a separate service contracted directly with the accredited certification body.

What is an ISMS and why do I need one?

The Information Security Management System (ISMS) is the framework that defines how your organization protects its information assets. It includes policies, roles, access controls, incident management, and continuous improvement. ISO 27001 is the international standard certifying that your ISMS meets globally recognized requirements.

Do I need prior information security experience?

No. Many organizations start from scratch. The initial assessment maps the current state, and the readiness process covers diagnosis, implementation, and preparation. The certification audit is a separate step managed by an independent accredited body.

Is the certification internationally valid?

Yes. ISO 27001 is an internationally recognized standard worldwide. Certification is issued by an independent accredited certification body and has global validity. Fernando Arrieta provides readiness preparation — the certification decision is the exclusive responsibility of the accredited body.

What controls does ISO 27001 include?

The 2022 version includes 93 controls in Annex A, organized into 4 categories: organizational, people, physical, and technological. Not all are mandatory: they are applied based on your organization's risk analysis.

Related systems

Other audit systems

ISO 9001

Quality management

Process certification with PDCA approach and continuous improvement.

View system ISO/IEC 42001

AI Governance

AI management system with accountability.

View system Security

Security audit

ISMS diagnosis with documented results.

View system

Acreditaciones y membresías institucionales

Evidence-based information security starts with a clear conversation.

If your organization is evaluating ISO 27001 readiness, this is the channel to discuss scope and viability. All inquiries are handled under confidentiality.