Service

ISO/IEC 27001 implementation

We build a working information security management system, not a shelf of binders. From risk assessment to readiness for the certification body audit.

Call +48 22 378 48 62
  • ISO/IEC 27001
  • 3000+ workstations
  • Since 2017

Implementing ISO/IEC 27001 is a project that puts information security in order across the whole company. We run it so the certificate confirms a real state, not a one-off scramble before the audit.

What we implement

The management system elements the standard requires, assembled into a coherent and usable whole.

  • Risk assessment

    We identify assets, threats and vulnerabilities, then assess risk against an agreed methodology. This is the foundation the whole system rests on.

  • Statement of Applicability

    We prepare the Statement of Applicability against Annex A controls. Every control is justified by the outcome of the risk assessment.

  • Policies and procedures

    We create documentation matched to your processes: access management, backups, incident handling, remote work.

  • Roles and training

    We define responsibilities within the system and train the team, so the rules are applied, not just written down.

  • Internal audit

    We run the internal audit and management review the standard requires before certification.

  • Certification readiness

    We guide the company through stage 1 and stage 2 of the certification body audit, including responses to nonconformities.

The most common implementation mistake

The most common mistake is treating ISO 27001 as a documentation project. A full set of policies gets copied from a template, nobody applies them, and at the first audit reality turns out to diverge from paper. That kind of system does not protect data and does not pass an audit without corrections.

I run implementations differently. We start from a risk assessment based on your real processes, and the documentation is written as a description of what you actually do and what we improve. As a result the Statement of Applicability has real justification, and the certification body auditor sees consistency between records and practice.

What the certificate gives you beyond the paper

An ISO 27001 certificate opens tenders and contracts where compliance is a condition of entry. That is a measurable commercial gain. More important, though, is that the company stops running on tribal knowledge and starts running on repeatable processes.

Known risks, clear access rules, tested backups and a rehearsed incident response add up to real resilience. When a key person leaves or an attack hits, the company knows how to act, because it has this written down and tested.

How we run the project

In stages, with a clear split of work and visible progress at every step.

  • 3-6 monthstypical implementation time
  • 2 stagesrisk assessment and documentation
  • internal auditbefore certification
  • readinessfor the certification body audit
  1. Analysis and system scope. We set the ISMS scope and the context of the organization, then run the risk assessment. This sets the priorities for the whole implementation.
  2. Documentation and rollout. We create policies and procedures, implement missing controls and train the team. The documents describe the real state.
  3. Verification and internal audit. We check the system effectiveness with an internal audit and management review, to catch gaps before the certification body.
  4. Support during certification. We take part in the certification audit and help close any nonconformities.

How we bill

We quote this service individually after a scope survey.

See how we price audits and compliance

Frequently asked questions

How long does ISO 27001 implementation take?

Usually three to six months, depending on the size of the company and the maturity of its processes. After scoping we give you a concrete timeline with stages.

Does Jeton issue the certificate?

No. The certificate is issued by an independent certification body after its own audit. We build the system and prepare the company to pass that audit without corrections.

Do we need our own ISO officer?

It is not a requirement. We can run the implementation and act as your support, and at the same time prepare a nominated person to maintain the system after certification.

Who runs the implementation?

The project is led by an internal ISO/IEC 27001 auditor with hands-on experience in real implementations and incident response. The system is built for daily use, not for a single audit day.

Does the certificate help with NIS2 compliance?

ISO 27001 covers a large part of the security measures NIS2 expects, so it is a strong base. It does not replace a dedicated NIS2 gap analysis, which we can run alongside.

Let us talk about your project

Answer 2 questions about your company. You will see a simple estimate right away, and we will prepare a full proposal within 24 business hours.

  • 2 minutes, no commitment
  • You talk to an engineer, not a salesperson
  • No spam, one contact about your quote