C · Compliance

ISO 27001 certification, end to end.

Build an information security management system that passes the audit and satisfies your customers. We take it from gap assessment to certificate on a timeline you can plan around.

Get an assessment

Why it matters

A prospect's security questionnaire or a procurement gate is asking for ISO 27001. Without it, the deal stalls. Done right, the certificate clears the bar and shortens every review that follows.

How we do it

We scope your ISMS and assess the gap against the Annex A controls. Then we build the policies, controls and evidence the standard requires, and support you through the Stage 1 and Stage 2 audits. Automation handles the legwork; we make the judgement calls.

ISO/IEC 27001:2022
ISO/IEC 27002
Annex A controls

What you get

Scoped ISMS and Statement of Applicability
Risk assessment and treatment plan
Policy set and control implementation
Evidence collected and mapped to Annex A
Stage 1 and Stage 2 audit support
Surveillance-audit readiness

Frameworks & rigor

Named standards, real rigor.

We work to the standards your auditors and customers recognise, and certified practitioners do the work on every engagement.

ISO/IEC 27001:2022ISO/IEC 27002ISO 27001 Lead Auditor

Team credentials: OSCP · CISSP · CISA · CEH · ISO 27001 Lead Auditor.

Think it through

SOC 2 / ISO 27001 readiness check

A two-minute read on where you're starting from, no strings.

Have a look

Why Singahi

What you get with Singahi.

One team, end to end

Compliance, assessment and managed security from one partner that grows with you.

Credentials on the actual team

OSCP, CISSP, CISA, CEH and ISO 27001 Lead Auditor, on every engagement.

AI-assisted and manual

Automation for scale, with people for the judgment that actually matters.

Built to prove it

Evidence your customers, investors and regulators recognise.

FAQ

Questions, answered

Is this the current ISO 27001:2022 version?

Yes. We work to ISO/IEC 27001:2022 and its updated Annex A control set.

How long does certification take?

It depends on your size and how much is already in place. After the gap assessment we give you a firm timeline and plan backwards from your deadline.

Do you run the certification audit?

An independent certification body runs the audit itself. We prepare you and support you through both stages, so there are no surprises.

We already use cloud security features. Does that count?

Cloud controls help, but ISO 27001 is about your management system. We map what you already do to the standard and fill the gaps that remain.

What size company is ISO 27001 worth it for?

If customers or investors are asking for it, it is worth it at any size. We scope the ISMS to your actual operations, so a smaller team is not buried in controls built for an enterprise.

How this fits together

Across the lifecycle

Related services.

Derisk. Build Trust.

Prove your security. Close the deal.

Tell us what's prompting this, whether a questionnaire, an audit deadline or an investor ask. We reply within four business hours.