Pospíšil Petr | CyberPOPE Independent Consultant | Cybersecurity Architect & vCISO
For Companies of 20-50+ People

ISO 27001 readiness

We build the ISMS, implement the controls, and prepare you for audit, structured so the system holds up when an auditor, a customer, or an incident tests it.

ISO 27001 is not a document project. It is a way of running security that your team uses day to day.

Where This Fits

Who this is for

This is you

Your company

  • 20-50+ people and growing
  • Security is becoming a real function
  • You face formal demands for evidence

What is pushing you

  • Enterprise customers expect certification
  • Tenders require ISO 27001
  • Investors raise it during due diligence
  • Internal maturity makes it the next step

How we do it

  • Instead of a template ISMS bought off the shelf, we build an ISMS scoped to your real business.

  • Instead of treating certification as a one-off documentation exercise, we give every control a named, accountable owner who operates it after the audit.

  • Instead of a certificate over a system nobody actually runs, we leave you with a system that holds up at the next audit.

The Roadmap

Five phases

Phase 1: Readiness assessment

Scope, interested parties, customer and security drivers, an asset and process overview, existing controls, and a clear gap analysis against ISO 27001.

Phase 2: ISMS foundation

ISMS scope, risk methodology, asset register, risk register, statement of applicability, the policy set, and named control owners.

Phase 3: Control implementation

Access control, supplier management, incident management, backup and recovery, vulnerability management, logging and monitoring, security awareness, and secure development where relevant.

Phase 4: Evidence and internal audit preparation

Evidence collection, management review, internal audit support, corrective actions, and coordination with the certification body.

Phase 5: Retainer maintenance

Ongoing ISMS operations, quarterly risk register updates, control checks, supplier evidence, and audit readiness between certification cycles.

What You Get

First 90 days

30 days / Step 1: Assess

Scope is set and the gap analysis is done. You know the real distance to certification.

60 days / Step 2: Build

The ISMS foundation is drafted and risks are registered with owners assigned.

90 days / Step 3: Implement

Control implementation is underway, tracked against the statement of applicability.

How this becomes a retainer

An ISMS only holds if it is operated. A retained partnership runs the review cycle, keeps the risk register current, and keeps you audit-ready between certification cycles.

What is not included

Certification is issued by an independent accredited certification body, not by us; the party that builds your ISMS cannot also certify it. We prepare you for the audit and coordinate with the certification body; your management owns risk acceptance and the final decisions.

Certification is a milestone. The real product is an ISMS your company actually uses.

Get a roadmap

Start with a focused readiness assessment. We measure the real gap to ISO 27001 and turn it into a roadmap with owners and timelines.
