Information security ISO 27001

Can you demonstrate to clients and stakeholders that your organisation is managing information security risks?

ISO 27001 is a globally recognised, risk-based Information Security Management System, tailored to your operations.

Our experienced ISO 27001 consultancy service ensures a cost-effective ISO 27001 journey.

Let us help you become certified.

What is ISO 27001?

ISO/IEC 27001:2013, or ISO 27001 as it is commonly known, is an international Information Security Management System (ISMS) standard.

It is a robust, risk-based framework that outlines the key processes and approaches a business needs in order to manage information security risks, such as cyber-attacks and data breaches.

It enables organisations to demonstrate to clients and internal and external stakeholders that their security and risk management approach meets industry best practice with respect to protecting data, such as financial information, intellectual property, employee details or information entrusted by third parties.

The information security standard spans all industries, highlighting best practices for improving the security of information and minimising risks for businesses.

ISO 27001 also highlights how these practices can be refined, as information security needs develop in the future. Importantly, it adapts to your business as it changes.

The benefits of achieving ISO 27001 compliance

More than ever, companies of all sizes are demanding this level of assurance from their suppliers. Consumers are also putting increased focus on information security and data protection.

We can help you streamline processes to achieve operational efficiencies and help you prove your organisation’s commitment to cyber and information security and data protection.

  • Minimise business risk

    Embedding ISO 27001 into your organisation will help to minimise the business risks around data breaches and cyber-attacks.

    This is especially important at a time when security breaches pose substantial legal, financial, and reputational risks.

  • Inspire customer trust

    Being able to show compliance with the standard instils trust in customers and provides peace of mind to stakeholders, who can be sure that their information assets are handled, stored, and managed securely.

  • Show your commitment to information security

    Many businesses opt for the ISO 27001 certification because the framework is recognised at an international level.

    It helps organisations to manage their global reputation for best-practice information security management effectively and gives them a competitive edge, not only nationally but in international markets.

  • ISO 27001 grows and changes with your business

    The ISO 27001 framework is designed to grow with your business and focuses on the importance of taking a flexible approach to information security management.

Ready to take control of your information security?

Contact us today to discuss how we can help you achieve your ISO 27001 certification

How PGI can help your organisation achieve ISO 27001 compliance

PGI’s Information Assurance experts can assist your organisation at every step of the certification process, including scoping, gap analysis, implementation, internal audit and compliance maintenance. Importantly, we believe that ISO 27001 should be a business enabler, so our team want to help you achieve and maintain compliance in the most cost-effective and efficient way possible.

Your organisation may want to hand over the full certification process, or your team may only need help with some aspects. Whichever areas you need assistance with, our team have the skills and experience to support your organisation in achieving and maintaining compliance.

Our Information Assurance team can be engaged for single- or multi-stage ISO 27001 consultancy services, depending on what your organisation needs. Please see below for information on the ways in which we can support your goals.

  • Initial stages

    Scoping

    The scope defines the information, systems and business operations that will be managed under the organisation’s Information Security Management System (ISMS) and will be certified to ISO 27001.

    Defining the scope encourages focus on the most critical areas of your business and the risks faced, as well as informing the selection of appropriate controls to tackle these risks.

    Our consultants can advise on the most appropriate scope for your organisation, which may significantly reduce the scale of your ISMS implementation and the overall cost.

    Gap Analysis – ISO 27001

    Gap analysis involves comparing what you are currently doing against what you must do to meet the compliance requirements of ISO 27001.

    It highlights shortfalls in compliance and where efforts must be concentrated to meet the requirements of the standard.

    Our expertise allows us to accurately assess your organisation’s current levels of compliance and provide pragmatic recommendations.

    Additionally, our consultants can perform a gap analysis more efficiently and effectively than internal staff, who are likely to hold other responsibilities and may not be as familiar with the intricacies of the standard.

    Risk Management

    Risk management is at the core of ISO 27001, so this phase covers identifying your important information and information processing assets, assessing the security risks related to these assets, and establishing the mechanisms through which these risks are controlled and monitored.

    Our ISO 27001 consultants are recognised as risk management experts, allowing them to build risk management processes that both fit your organisation and meet the requirements of ISO 27001.

    Working in partnership with you, the team will combine their knowledge of effective risk assessment with your understanding of business operations to accurately assess organisational security risks.

    Statement of Applicability (SoA)

    The SoA is a fundamental part of your ISMS and is one of the mandatory documents required to achieve certification.

    It explains which of the information security controls (as specified in Annex A of ISO 27001) have been selected to tackle risk, which have been excluded, and the reasoning for each decision.

    Our team’s expertise and experience of ISMS implementation, coupled with your familiarity with the business, helps to ensure that your SoA meets the standards required to achieve certification.

    We can also undertake a gap analysis that compares the current state of these controls against what must be done to meet the compliance requirements of the standard.

  • Implementation

    Implementation involves putting in place the control measures to ensure compliance with ISO 27001.

    Failure to implement the controls necessary to mitigate risk means the organisation will not be compliant with ISO 27001.

    This could increase the likelihood of data breaches and subsequent fines or penalties, as well as enormous reputational damage.

    With our support, your organisation can be assured that the control measures implemented are pragmatic and provide the appropriate levels of assurance.

    As an example, our team can apply their expertise to develop best practice, compliant policies and procedures, allowing your workforce to focus efforts on other implementation activities.

    Our wider team can also perform penetration tests and vulnerability assessments to identify vulnerabilities; these also serve as evidence of the ongoing review and continuous improvement of the ISMS that the standard requires.

    Engaging with us allows an independent and unbiased view of the suitability of the controls being implemented.

  • Audit support

    Internal audit

    Internal audit involves reviewing the implemented controls to ensure they are working effectively to manage risk and meet the requirements of ISO 27001.

    Performing audits is a key aspect of ISO 27001 compliance and supports the principle of review and continuous improvement of security that is pivotal to compliance with the standard.

    Our consultants are qualified ISO 27001 Lead Auditors, so you can be assured that they will perform thorough and professional audits covering all aspects required to maintain certification.

    Certification and readiness (review and audit support)

    A guiding hand through your certification audits.

    Our consultants will help to ensure all required documentation is up to date and in place for the Stage 1 audit and they can help you demonstrate the full operation of your ISMS for the Stage 2 audit.

    Drawing on our consultants’ knowledge of the ISO 27001 standard and the expectations of external auditors gives you the best chance of achieving certification.

  • Continuous improvement

    Continuous improvement is about maintaining your compliance. This is done by regularly reviewing the performance of the ISMS and enhancing measures where required.

    After achieving certification, organisations are subject to regular surveillance audits from their external auditor.

    These surveillance audits occur approximately every 6 to 12 months. They are performed to monitor the organisation’s ongoing commitment to security and compliance.

    Organisations must demonstrate that they have reviewed and, where necessary, improved security measures. Any business changes that impact security must be factored into the ISMS to ensure security measures remain robust.

    Our expertise and experience can help you devise an effective continuous improvement programme that is suitable for your organisation.

    Our team provide you with specialist knowledge and resource capacity, enabling your workforce to concentrate on their core operations.

Why choose PGI to help you on your ISO 27001 journey?


PGI is a leading choice for ISO 27001 consultancy and implementation, which we can undertake remotely or onsite.

Our team of dedicated ISO 27001 professionals have years of experience in helping organisations gain and maintain the certification, so you can focus on your core operations.

What makes us different? We tailor our consultancy to each business that we work with, ensuring that any new processes that you choose to implement blend effortlessly with your existing business model. We want ISO 27001 to work for you – not the other way around!

We also offer fully-guided ISO 27001 training—taking you and your team right through from introducing the framework to implementing new ways of working and to achieving ISO 27001 certification. Our comprehensive training approach ensures you have everything you need to achieve your certification.

PGI itself is an ISO 27001 certified organisation.

PGI’s business development and specialist teams took the time to understand Valtex, enabling them to provide specific support for our specific challenge and requirements where other consultancies had failed to. We also appreciated the quality of the information provided and the straightforward communication that ensured we understood what was happening at every stage.

Head of Risk and Security, Valtex UK

We chose PGI because they are known for their quality of service. Our initial enquiry via email was responded to in a professional, prompt and courteous manner and the onsite Cyber Essentials Plus Assessor was knowledgeable, fit into our office environment without hindrance and was very thorough. We now have every confidence in our IT policy and the security of our data and practices.

Operations Director, Fides Enterprise Solutions Limited

PGI helped us achieve GDPR compliance and the Cyber Essentials certification, which means we can now do business with our Local Authorities. PGI’s team were friendly, professional and supportive throughout the process.

Branch Manager, Jimac Radio Cars Ltd

As an IT Company it's good to show our client base that we are serious about cyber security. PGI staff were extremely polite and supportive, answering all the questions we had. Even though the time between initial enquiry and actually starting the project was a bit slow on our end, we were met with patience and understanding.

Managing Director, Bells IT Support Ltd

PGI helped us achieve our Cyber Essentials certification. The staff were very helpful throughout the process and the questionnaire was easy to use. What we thought put PGI above other providers is the guidance included in the (already competitive) price.

Head of Business Systems, Enigma Industrial Services

PGI were a client of ours, so when we needed to achieve the Cyber Essentials certification, we engaged them to assist. The service provided was quick and straightforward and we now have in place a cyber security framework to keep our client data safe.

Commercial Business Manager, Jobseekers Recruitment Services

PGI came highly recommended to us when we needed to undertake a penetration test on our web application. The resulting report was of an exemplary standard—with easy to understand information, as well as further in-depth reading recommendations—and it has raised the profile of security within the organisation.

IT Manager, Wansbroughs

As a key supplier of medical equipment to the NHS, we qualified for Government COVID funding for a Cyber Essentials check on our IT systems. It was simple to arrange, we found PGI easy to work with and overall the service has been an excellent sanity check on our IT systems and processes to ensure we are working to best current security practices. Definitely worth doing if you have the option.

Technical Director, Healthcare Sector

ISO 27001 knowledge hub

Understanding the requirements of ISO 27001 may seem like a daunting task, but the material below may help. In addition to our ISO 27001 training courses, we have provided a number of blog articles, written by our experts, which help to remove some of the mysteries surrounding certification and which speak in plain English rather than technical jargon.

For ISO 27001 training, please visit our Cyber Academy page.

Want to find out more?

Contact Us:

t: +44 20 4566 6600