Service
ISO/IEC 27001 implementation
We build a working information security management system, not a shelf of binders. From risk assessment to readiness for the certification body audit.
- ISO/IEC 27001
- 3000+ workstations
- Since 2017
Implementing ISO/IEC 27001 is a project that puts information security in order across the whole company. We run it so the certificate confirms a real state, not a one-off scramble before the audit.
What we implement
The management system elements the standard requires, assembled into a coherent and usable whole.
-
Risk assessment
We identify assets, threats and vulnerabilities, then assess risk against an agreed methodology. This is the foundation the whole system rests on.
-
Statement of Applicability
We prepare the Statement of Applicability against Annex A controls. Every control is justified by the outcome of the risk assessment.
-
Policies and procedures
We create documentation matched to your processes: access management, backups, incident handling, remote work.
-
Roles and training
We define responsibilities within the system and train the team, so the rules are applied, not just written down.
-
Internal audit
We run the internal audit and management review the standard requires before certification.
-
Certification readiness
We guide the company through stage 1 and stage 2 of the certification body audit, including responses to nonconformities.
The most common implementation mistake
The most common mistake is treating ISO 27001 as a documentation project. A full set of policies gets copied from a template, nobody applies them, and at the first audit reality turns out to diverge from paper. That kind of system does not protect data and does not pass an audit without corrections.
I run implementations differently. We start from a risk assessment based on your real processes, and the documentation is written as a description of what you actually do and what we improve. As a result the Statement of Applicability has real justification, and the certification body auditor sees consistency between records and practice.
What the certificate gives you beyond the paper
An ISO 27001 certificate opens tenders and contracts where compliance is a condition of entry. That is a measurable commercial gain. More important, though, is that the company stops running on tribal knowledge and starts running on repeatable processes.
Known risks, clear access rules, tested backups and a rehearsed incident response add up to real resilience. When a key person leaves or an attack hits, the company knows how to act, because it has this written down and tested.
How we run the project
In stages, with a clear split of work and visible progress at every step.
- 3-6 monthstypical implementation time
- 2 stagesrisk assessment and documentation
- internal auditbefore certification
- readinessfor the certification body audit
- Analysis and system scope. We set the ISMS scope and the context of the organization, then run the risk assessment. This sets the priorities for the whole implementation.
- Documentation and rollout. We create policies and procedures, implement missing controls and train the team. The documents describe the real state.
- Verification and internal audit. We check the system effectiveness with an internal audit and management review, to catch gaps before the certification body.
- Support during certification. We take part in the certification audit and help close any nonconformities.
How we bill
We quote this service individually after a scope survey.
Frequently asked questions
How long does ISO 27001 implementation take?
Usually three to six months, depending on the size of the company and the maturity of its processes. After scoping we give you a concrete timeline with stages.
Does Jeton issue the certificate?
No. The certificate is issued by an independent certification body after its own audit. We build the system and prepare the company to pass that audit without corrections.
Do we need our own ISO officer?
It is not a requirement. We can run the implementation and act as your support, and at the same time prepare a nominated person to maintain the system after certification.
Who runs the implementation?
The project is led by an internal ISO/IEC 27001 auditor with hands-on experience in real implementations and incident response. The system is built for daily use, not for a single audit day.
Does the certificate help with NIS2 compliance?
ISO 27001 covers a large part of the security measures NIS2 expects, so it is a strong base. It does not replace a dedicated NIS2 gap analysis, which we can run alongside.
Let us talk about your project
Answer 2 questions about your company. You will see a simple estimate right away, and we will prepare a full proposal within 24 business hours.
- 2 minutes, no commitment
- You talk to an engineer, not a salesperson
- No spam, one contact about your quote