Delivery Roadmap

How we deliver ISO 27001:2022 clause by clause.

ISO 27001 is a structured management system, so our support is structured too. We align delivery with the clauses of the standard to build an ISMS that is auditable, practical and sustainable after go-live.

Structured planning and governance workshop

Clause 4

Implementation and scoping in the context of your organisation.

We define your ISMS with clarity and purpose so the boundaries, stakeholders and obligations are visible from the outset and connected to the way your business actually works.

  • ISMS scope definition and boundary setting.
  • Stakeholder and interested-party analysis.
  • Internal and external issue mapping.
  • Legal, regulatory and contractual requirement gathering.
  • Optional ISO 22301 continuity scoping and impact analysis.

Clause 5

Leadership and governance.

Security only holds when leadership direction, authority and accountability are clear. We work with senior teams to make governance credible instead of performative.

  • Governance structure and leadership engagement.
  • Roles, responsibilities and authority definition.
  • Policy drafting and approval facilitation.
  • Board briefings and strategy alignment.

Clause 6

Planning and risk treatment.

We design a risk-driven roadmap suited to your operational reality, from methodology through measurable objectives and treatment plans.

  • Risk assessment methodology design.
  • Risk register and treatment plan development.
  • Statement of Applicability creation and control justification.
  • Objective and KPI definition with improvement opportunities.

Clause 7

Support, awareness and documented information.

Your ISMS must be understandable and operable by the people who keep it alive. We support awareness, competence, communications and document control from day one.

  • Organisation-wide security awareness and onboarding.
  • Communication planning for internal and external audiences.
  • Documented information management, templates and records.
  • Tooling guidance for document control and automation.

Clause 8

Operational controls.

This is where the plan becomes working practice. We support the implementation of Annex A controls across people, physical environments, vendors and technology.

  • Supply-chain and vendor due diligence controls.
  • Asset management and operational procedures.
  • Incident management and response readiness.
  • Co-sourced or project-based delivery depending on your team capacity.

Clause 9

Performance evaluation.

We help establish the oversight loop: internal audits, management reviews, KPI dashboards and reporting that gives leadership confidence.

  • Single, recurring or readiness internal audits.
  • Management review facilitation and evidence packs.
  • Compliance metrics, maturity scoring and board reporting.

Clause 10

Continual improvement.

Certification is not the end-state. We help clients embed corrective action discipline, post-incident learning and long-term compliance health checks.

  • Root cause analysis and corrective action support.
  • Security incident reviews and post-incident reporting.
  • Recertification and surveillance audit preparation.
  • Strategic maturity roadmaps for scaling businesses.

2022 Controls

The new controls are already embedded into our roadmap.

  • Threat intelligence: use relevant threat insights to sharpen risk and control decisions.
  • Cloud service governance: make cloud usage auditable across procurement, security and operations.
  • ICT continuity readiness: align technology recovery priorities with continuity strategy and testing.
  • Data controls: deletion, masking and leakage prevention implemented with usable operating rules.
  • Monitoring: continuous oversight with logging, alerting and investigation expectations defined.
  • Web filtering: reduce exposure to harmful or non-compliant content across the workforce.

Need an implementation path?

We can shape the roadmap around your business, not a generic template.

Talk to us about your current state, audit deadline and team capacity.