← All services
Assurance 3-5 weeks

ISO/IEC 27001 Control Reality Assessment

An independent check of whether documented ISO 27001 controls are meaningful in practice.

Assurance work: we form an independent opinion. We do not implement what we assure.

Delivered by: ISO/IEC 27001:2022 Lead Implementer (BSI)

ISO/IEC 27001 Control Reality Assessment

Scope

Independent evaluation of whether ISO/IEC 27001 controls and governance are meaningful in practice. It asks whether your certification or "ISO ready" claims would stand up to a procurement body, funder, or assurance committee, not just whether the documentation exists. To protect that independence, we do not provide this assessment to a client we have given ISO 27001 Implementation Advisory.

What you get

  • Review of risk register quality and Statements of Applicability
  • Assessment of leadership ownership and governance effectiveness
  • Evaluation of whether certification or "ISO ready" claims would withstand scrutiny

Deliverables

An independent, ISO-aligned assurance report with a clear opinion on whether the control environment is credible, suitable for procurement, funding, or partnership decisions

Price

£5,500-8,500

All prices exclude VAT.

Frameworks referenced

ISO/IEC 27001:2022 ISO/IEC 27002

Readiness and assurance, kept separate

Where we have built or prepared evidence for a client, we do not also sell that client an independent assurance opinion on the same work. Independence is only worth anything if it is real, so we protect it rather than blur it.

Not sure if this is the right engagement?

Book a free scoping call. We will point you to the right next step, whether that is this service, our paid diagnostic, or something else.