ISO/IEC 27001 Control Reality Assessment
An independent check of whether documented ISO 27001 controls are meaningful in practice.
Assurance work: we form an independent opinion. We do not implement what we assure.
Delivered by: ISO/IEC 27001:2022 Lead Implementer (BSI)
Scope
Independent evaluation of whether ISO/IEC 27001 controls and governance are meaningful in practice. It asks whether your certification or "ISO ready" claims would stand up to a procurement body, funder, or assurance committee, not just whether the documentation exists. To protect that independence, we do not provide this assessment to a client we have given ISO 27001 Implementation Advisory.
What you get
- Review of risk register quality and Statements of Applicability
- Assessment of leadership ownership and governance effectiveness
- Evaluation of whether certification or "ISO ready" claims would withstand scrutiny
Deliverables
An independent, ISO-aligned assurance report with a clear opinion on whether the control environment is credible, suitable for procurement, funding, or partnership decisions
Price
£5,500-8,500
All prices exclude VAT.
Frameworks referenced
Readiness and assurance, kept separate
Where we have built or prepared evidence for a client, we do not also sell that client an independent assurance opinion on the same work. Independence is only worth anything if it is real, so we protect it rather than blur it.
Not sure if this is the right engagement?
Book a free scoping call. We will point you to the right next step, whether that is this service, our paid diagnostic, or something else.
