PsyBear PSYBEAR SECURITY
ACCREDITED LEAD AUDITOR

ISO/IEC 27001:2022 — done with you, not to you.

A clear, guided path from wherever you are today to a certified information security management system — led by an accredited Lead Auditor who also knows how attackers think.

IN SHORT

ISO/IEC 27001 is the international standard for managing information security. Certification proves to customers, partners and regulators that you protect data systematically — and increasingly, it's the price of entry to win enterprise and public-sector contracts.

THE PATH TO CERTIFICATION

Five stages, no surprises.

Most organisations reach certification in around 6–12 months, depending on starting maturity. We'll give you a realistic timeline after the gap assessment.

STAGE 01
~2–3 WEEKS
Gap assessment

We measure your current state against all 93 Annex A controls and the management-system clauses, then hand you a prioritised report of exactly what's missing and what's already fine.

STAGE 02
VARIABLE
Remediation & ISMS build

We help you close the gaps and stand up the policies, risk assessment, Statement of Applicability and evidence your ISMS needs — practical and right-sized, not a binder no one reads.

STAGE 03
~1–2 WEEKS
Internal audit

A full internal audit of your ISMS to find and fix non-conformities before the certification body ever sees them — exactly the rehearsal you want.

STAGE 04
STAGE 1 & 2
Certification audit support

We prepare you for, and support you through, the certification body's Stage 1 (documentation) and Stage 2 (implementation) audits — and help you respond to any findings.

STAGE 05
ONGOING
Maintain & surveillance

Certification lasts three years with annual surveillance audits. We keep your ISMS healthy between them — and Maul keeps your controls continuously evidenced.

THE GAP-ASSESSMENT REPORT

A map, not a maze.

Every Annex A control rated: in place, partial, or missing.
A prioritised remediation plan — quick wins first.
A realistic timeline and effort estimate to certification.
Written for both your tech team and your board.

WHY PSYBEAR

Auditor's eye, attacker's mind.

Most consultancies can write you a policy. We also test whether it actually holds up — because we red-team for a living. Your controls don't just exist on paper; we've tried to break them. That's an ISMS auditors trust and attackers respect.

Common questions

How long does certification take?

Typically 6–12 months end to end, driven by your starting maturity and how quickly remediation gets done. The gap assessment gives you a firm timeline.

Do you also issue the certificate?

No — and nobody reputable does both. An independent certification body issues the certificate; we prepare you to pass their audit with confidence.

We're small — is it overkill?

No. The standard scales. We right-size the ISMS to your business so it's genuinely useful, not bureaucracy for its own sake.

Can you start mid-journey?

Yes. If you already have policies or a part-built ISMS, the gap assessment simply picks up from where you are.

Find out exactly where you stand against ISO 27001.

Start with a gap assessment — no obligation, and you'll come away with a real plan either way.

"We MAUL so others cannot."
© 2026 PsyBear Security · Dublin, Ireland · All rights reserved.