ISO 27001 Consultancy

Supporting your implementation with ISO 27001 consultancy

Information Security Management System

An ISMS that conforms with ISO 27001 and that has achieved certification from an accredited (UKAS) certification body demonstrates to all “interested parties” that you understand and manage your information security risks effectively.

Why Choose Orbit for ISO 27001 Consultancy?

Full ISO 27001 Wraparound Service

We will lead the implementation process from top management engagement and the gap analysis through to the Stage 2 audit and initial certification.


Gap Analysis

To explore your current state and identify the work required to conform with the requirements of ISO 27001.

Management System Development

You may have concentrated on implementing technical controls but haven’t developed the management system (clauses 4-10).

Risk Assessment and Risk Treatment

Use our unique Risk DB tool to structure your risk assessment activity and risk treatment plan. It is simple to use and provides powerful management reporting via a dashboard.

Policy and Procedure Development

We can either provide suitable templates or review your existing documentation.

Internal Audits

We’re professional auditors, use us.

Awareness and Training

Wondering how to engage your organisation on information security issues… or your senior management? We have many tried and trusted strategies for increasing engagement, understanding and competence.

ISO 27001 certification process

The path to achieving certification may seem confusing and daunting but can be easily broken down into 5 steps.

Step 1

Plan and establish the system structure and documentation. Start the risk management programme.

Step 2
Stage 1 Audit

An independent review of your understanding of the standard's requirements and readiness for the main (stage 2) audit.

Step 3
Implement & mature the system

Implement the risk treatment plan including new controls, and then operate the system.

Step 4
Stage 2 Audit

Full and detailed review of the system implementation, including people, process and technology controls.

Step 5
Maintain & improve

Operate the system, maintain the processes, and seek system improvement.

Help with ISO 27001 Certification


If you plan to achieve ISO 27001 certification, make sure you select a certification body that is accredited by UKAS. This means that they work to a stringent and consistent standard and your certification will be recognised as valid.