Listing Thumbnail

    ISO 27001 Information Security Certification and Maintenance

     Info
    Oxford Infosec takes small, fast-moving companies from initial scoping to ISO 27001 certification in 3-6 months, then maintains controls and evidence to keep you certified through surveillance and recertification audits.

    Overview

    When enterprise customers ask for ISO 27001, investors raise it in due diligence, or contracts require it, you need the certificate that proves your security posture. Oxford Infosec takes small, fast-moving companies from initial scoping all the way to certification, then maintains the controls and evidence that keep you certified through surveillance and recertification audits, year after year.

    Our approach is pragmatic and risk-driven, built for small businesses so that every recommended control is proportionate to real-world risk, ISO 27001 requirements, and ICO expectations. We optionally pair our consultants with a compliance automation platform for continuous evidence collection, real-time dashboards, and automated alerts instead of periodic checklists.

    Phase 1 - Implementation (3-6 months): We agree scope and accountability, build your asset inventory and risk register, write core policies, deploy controls (MFA, logging, backup, supplier due diligence), conduct your first internal audit and management review, and prepare you for the certification audit.

    Phase 2 - Maintenance (12-month minimum, renewable annually): We operate continuous monitoring, maintain your risk register and policies, execute internal audits, coordinate with the certification body for surveillance and recertification audits, deliver security awareness training, and provide incident and change advisory.

    Designed for organisations with 2-250 employees handling sensitive data in the UK or Europe, facing procurement questionnaires, investor due diligence, or contractual certification requirements. Our Lead Consultants hold internationally recognised ISO 27001 implementation and audit qualifications along with data protection credentials (CIPP/E, CIPM), serving as your single point of contact accountable for delivery.

    Controls are scoped to how you actually operate. If something genuinely does not apply, we mark it out of scope rather than inventing work. The service combines well with SOC 2, vCISO, DPO as a Service, or Security Foundations for organisations needing broader coverage.

    Highlights

    • Achieve ISO 27001 certification in 3-6 months with a named Lead Consultant holding recognised ISO 27001 implementation, audit, and data protection qualifications (CIPP/E, CIPM)
    • Stay certified year after year with ongoing maintenance covering continuous monitoring, internal audits, policy updates, supplier security oversight, and certification body liaison for surveillance and recertification audits
    • Built for small businesses with 2-250 employees: pragmatic, risk-driven controls scoped to how you actually operate, with optional compliance automation platform integration for continuous evidence collection and live dashboards

    Details

    Delivery method

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Support

    Vendor support

    You work with a named Lead Consultant who serves as your single point of contact and is accountable for delivery throughout both the implementation and maintenance phases. Monthly check-in calls track open actions, new risks, and control performance issues. Quarterly risk reviews refresh your asset list and risk register, while semi-annual management reviews present summaries of objectives, incidents, and audit results to leadership. For general enquiries, contact Oxford Infosec at hello@oxfordinfosec.com .

    Software associated with this service