ISO 27001 consultants
Let our experienced consultants help you build a useful, customised, effective and efficient ISO 27001 Information Security Management System.
We provide ISO 27001 and GDPR consultancy, information security training and internal audit services to businesses across the UK.
As qualified ISO 27001 auditors, we often see systems that are paper-heavy, cumbersome and unhelpful for the companies using them. We will help you to build a light-weight, low maintenance system that improves your security and provides useful Management Information to support your business.
Working with ADL has made two seemingly impossible things possible. First, their consultant has guided us to ISO27001 and second, he made it understandable, relatable, and dare we say it, enjoyable!
Managing Director, SomeBrightSpark
We realised benefits across the business and lost count of the improvements we have made to our business based on Andy’s suggestions - and who knew ISO27001 could be so enjoyable!
Operations & HR Director, Preact
Whilst you don't have to use a consultant to support you with your ISO 27001 implementation, doing so can help you to avoid the huge potential for rabbit holes, misunderstanding and misinterpretation which ultimately can save you months!
In our audit experience, we have also come across numerous consultants who are "standards people", rather than information security specialists. We would strongly encourage you to find an ISO 27001 specialist rather than generic standards consultant - the difference can save you months too!
A. Experience first...and then a bunch of other stuff - here are some quick thoughts.
Technical experience is particularly pertinent with ISO 27001. A good consultant will have multiple years of experience working in information technology. Without a technical background, some of the nuance of the technical controls can be lost.
As a consequence, we would generally counsel against a "generic ISO consultant" as, whilst they may have much experience working with Standards, they may be weak in the technical requirements of ISO 27001.
Not necessarily, but we think it's a good idea!
Consultants can quickly become complacent and stuck in their thinking. Auditing exposes the consultant to a wide range of implementation methods, new ways of doing things, new technologies and solutions. It's a great form of professional development.
Auditors who conduct audits for a UKAS accredited auditing bodies have to conduct "quality reviewed" regularly to ensure they are auditing to a suitable standard. This should provide some assurance that the consultant is of a suitably high standard.
Get in touch
Give us a call, or send us an email, to start the conversation and see how we can help your business to achieve ISO 27001.