SynergyBit

ISO/IEC 27001 – information security management system

Implement an ISMS to ISO/IEC 27001 to earn customer trust and reach certification readiness.

ISO/IEC 27001 is the international standard for an information security management system (ISMS). Customers, tenders and partners increasingly require it as evidence that you manage your data and processes securely.

We help you implement the ISMS in a practical, sustainable way – from scope and risk assessment through policies and Annex A controls to internal audit and certification audit preparation. The goal is a working system, not a pile of documents.

What you get

ISMS scope and context

Defining the scope, identifying interested parties and setting up roles and responsibilities.

Risk assessment and SoA

Assessing and treating information security risks and producing the Statement of Applicability (SoA).

Policies and controls

Security policies and implementation of Annex A controls (ISO/IEC 27002) tailored to your organisation.

Internal audit and certification prep

Conducting an internal audit, management review and preparation for the certification audit.

How it works

  1. Gap analysis

    We map your current state against ISO/IEC 27001 requirements and define the ISMS scope.

  2. ISMS implementation

    We build the risk assessment, policies and SoA and implement the necessary controls.

  3. Audit and certification

    We run an internal audit and prepare you for the certification audit by a certification body.

Outcomes for you

  • A working, auditable ISMS
  • Readiness for the certification audit
  • Customer trust and a stronger position in tenders
  • Alignment with CRA and NIS2 obligations

Frequently asked questions

Will you issue our ISO 27001 certificate?

No. The certificate is issued by an accredited certification body after a successful audit. We prepare you for the audit – we implement the ISMS and run an internal audit. We are not a certification body.

How does ISO 27001 relate to the CRA and NIS2?

An ISMS to ISO 27001 provides the organisational foundation that the CRA (security processes) and NIS2 (risk management and measures) requirements also rely on. We can align them so you do not do the work twice.

How long does implementation take?

For a smaller organisation, typically 3–6 months depending on maturity and scope. After the gap analysis we set a realistic plan and certification timeline.

Start with CRA before the deadline catches up with you

A free consultation will quickly show you where you stand and the shortest path to compliance.
