Certification Readiness

ISO 27001 Certification Readiness Assessment

Fixed-quote gap assessment. Realistic roadmap. No audit-day surprises.

Understand your readiness, prioritise gaps, and get a realistic roadmap to certification—without guesswork, wasted effort, or audit failure.

We prepare you for certification. Certification itself is issued by an accredited external auditor to maintain independence and integrity.

ISO 27001:2022 aligned · Stage 1 + Stage 2 audit prep · Assessments from $5,000

  • Oct 2025: ISO 27001:2022 transition deadline
  • 93: Controls in ISO 27001:2022 Annex A
  • 3-12 months: Typical time to certification
  • 3 years: Certification validity period

Signs You Need ISO 27001 Certification

If any of these sound familiar, a readiness assessment will show you exactly what's required to get certified.

  • Enterprise clients are asking for evidence of your security posture
  • You're being excluded from tenders that require ISO 27001
  • Government contracts need proof of information security management
  • Cyber insurance applications are getting harder to complete
  • You handle sensitive client data but have no formal ISMS
  • Partners are sending security questionnaires you struggle to answer
  • You want to differentiate from competitors in your market
  • Your ISO 27001:2013 certification needs transition before Oct 2025

Who ISO 27001 Is For

Certification opens doors to enterprise clients and government tenders

Government Suppliers

Meet tender requirements that prefer or mandate certification

Enterprise Vendors

Satisfy supply chain security requirements for large clients

Tech & SaaS Companies

Demonstrate security maturity to prospects and investors

Professional Services

Protect client data and differentiate from competitors

This is Not For You If...

We want to set clear expectations upfront

  • You want certification without internal process change
  • You expect external consultants to "own" the ISMS entirely
  • You only want documentation templates (we include them, but they must be tailored)
  • You don't have executive sponsorship or budget authority

What We Assess

Comprehensive review against ISO 27001:2022 requirements

Information Security Policies

Review of security policies, objectives, and management commitment to information security.

Risk Assessment Process

Evaluation of risk identification, assessment methodology, and treatment planning.

Access Control

Review of user access management, authentication, and authorisation controls.

Documentation

Assessment of ISMS documentation, procedures, records, and evidence collection.

Incident Management

Review of security incident response, reporting, and learning processes.

Operational Controls

Evaluation of technical and operational security controls across Annex A.

Supplier Security

Assessment of third-party security management and supplier agreements.

Internal Audit

Review of internal audit program, management review, and continual improvement.

Where We Sit In Your ISO Journey

Clear boundaries ensure a successful certification

You (Internal Team)

  • Own your ISMS and internal processes
  • Provide executive sponsorship
  • Allocate internal resources
  • Make business decisions on risk acceptance

Us (Consultant)

  • Provide methodology and guidance
  • Supply templates and frameworks
  • Conduct gap assessment and roadmap
  • Prepare you for certification audit

Auditor (External Body)

  • Conduct independent certification audit
  • Issue certification decision
  • Perform annual surveillance audits
  • Maintain audit integrity

Certification Timeline

From assessment to certification in 3-12 months

  1. Discovery · 4-8 weeks

    Assessment & Planning

    Activities

    • Gap assessment against ISO 27001:2022
    • Scope definition and boundaries
    • Risk assessment methodology design
    • Project plan and resource allocation

    Deliverables

    • Gap Analysis Report
    • Project Plan
    • Scope Statement

  2. ISMS Build · 8-16 weeks

    Documentation & Framework

    Activities

    • Policy and procedure creation
    • Risk register development
    • Statement of Applicability (SoA)
    • Control framework design

    Deliverables

    • ISMS Documentation
    • Risk Treatment Plan
    • Statement of Applicability

  3. Implementation · 6-12 weeks

    Embedding & Testing

    Activities

    • Process integration and testing
    • Staff awareness training
    • Internal audit execution
    • Management review meeting

    Deliverables

    • Internal Audit Report
    • Management Review Minutes
    • Corrective Action Log

  4. Certification · 4-8 weeks

    External Audit

    Activities

    • Stage 1 audit (documentation review)
    • Address Stage 1 findings
    • Stage 2 audit (implementation audit)
    • Close non-conformities

    Deliverables

    • Audit Reports
    • Certification (3-year validity)
    • Surveillance Schedule

Outcomes You Can Expect

After your readiness assessment, you'll have everything needed to plan your certification journey with confidence.

  • Clear understanding of your certification readiness
  • Prioritised roadmap with realistic timeline and budget
  • Annex A control maturity assessment
  • ISMS documentation templates ready for customisation
  • Risk assessment methodology aligned to your business
  • Recommendations for certification body selection
  • Evidence of security commitment for tenders and clients
  • Integration guidance with Essential Eight and other frameworks

DIY vs Consultant vs Managed Program

Choose the right approach for your organisation

| Area              | DIY                               | Consultant-Led                        | Managed Program                          |
|-------------------|-----------------------------------|---------------------------------------|------------------------------------------|
| Assessment        | Self-assess with ISO standard     | Expert gap analysis with scoring      | Comprehensive assessment + project plan  |
| Documentation     | Create all docs from scratch      | Templates + guidance provided         | Docs developed for you                   |
| Risk Assessment   | Develop own methodology           | Methodology + training provided       | Full risk assessment conducted           |
| Implementation    | Internal resources only           | Advisory support + reviews            | Hands-on implementation support          |
| Audit Preparation | Navigate audit independently      | Pre-audit review + coaching           | Full audit coordination + support        |
| Best For          | Large teams with ISMS experience  | Teams with some security maturity     | Organisations new to ISO 27001           |

Deadline Alert

ISO 27001:2013 Transition Deadline: October 2025

Organisations certified to ISO 27001:2013 must transition to the 2022 version by 31 October 2025. After this date, 2013 certifications will no longer be valid.

If you're already certified: Start your transition now. The 2022 version has restructured controls and new requirements that need time to implement and embed before your surveillance or recertification audit.

Why Work With Us

  • Experience supporting ISO programs for manufacturing, SaaS, and professional services
  • Familiar with Essential Eight, NIST CSF, and risk management frameworks
  • Vendor neutral — no preferred auditor relationships
  • Based in Melbourne, supporting organisations Australia-wide

Industry Experience

We've supported ISO 27001 programs across these sectors

Technology & SaaS
Professional Services
Financial Services
Healthcare
Government Suppliers

Ready to Start Your ISO 27001 Journey?

Request a readiness assessment to understand your path to certification

Request Assessment