Gigson Solutions
ISO/IEC 27001:2022 · Information Security

You're being pushed to get certified in ISO 27001. We'll handle it.

We implement an Information Security Management System (ISMS) on your real operations - not documentation nobody will ever use. For small and medium-sized businesses - a law firm, a consultancy, an agency, a tech SME - that need the certificate without grinding their day-to-day to a halt.

Real technical controls · Minimum viable system, no bureaucracy · Free diagnosis in 24h

Get your free diagnosis
No commitment · We tell you which controls you already meet without knowing it

We work with
Law firms and consultancies · Tech SMEs, 10 to 250 employees · Suppliers of regulated companies · B2B businesses

Why now

There are strong reasons to get certified now.

01

Your client requires it to keep working with you

More and more mid-size and large companies include ISO 27001 as a contractual requirement for their suppliers. It's not optional: either you get certified or you lose the contract.

02

The tender scores it or requires it outright

In public and private tenders, having ISO 27001 earns points or is a mandatory requirement. Competing without it means ceding ground to those who already have it.

03

Every sale stalls on a security questionnaire

Your clients - especially regulated ones or those with NIS2 behind them - send increasingly demanding security questionnaires. Without ISO 27001, each questionnaire is weeks of work; with it, a single answer.

04

Your competition already has it

More than 3,000 Spanish companies are certified in ISO 27001. In more and more sectors, certification is already a de facto standard - not a differentiator.

Our approach

ISO 27001 implemented with technical rigour.

Most ISO consultancies write documents. We implement controls on your real operations - the systems, accesses and processes you already use every day - and leave you with an ISMS that actually works, not one that just passes the audit.

01

Real controls, not just documentation

We assess how your company truly works - systems, accesses, data, suppliers, critical processes - and implement the Annex A controls on what you already have.

02

A minimum viable system, easy to maintain

We know many companies have no security officer - or even an IT team in some cases. We design the simplest ISMS that passes the audit: no unnecessary bureaucracy, easy to maintain even if security is handled by someone who already has five things on their plate.

03

We know what is certifiable and what is not

We won't sell you certification on everything. NIS2, for example, is not a certification - it's compliance; ISO 27001 is. We explain exactly what you need based on your situation, without over-engineering or unnecessary paperwork.

How we work

Four phases, one certificate.

A process designed for SMEs: diagnosis of your real operations, implementation on what you already have, and coordination with the certification body - without grinding your day-to-day to a halt.

01

Diagnosis

Gap analysis of your current situation. We identify which controls you already meet without knowing it and what is actually missing.

02

Implementation

Documentation, risk analysis, operational controls on what you already have, and training for the team involved.

03

Internal audit

Pre-certification check so you go into the external audit with certification assured.

04

Certification

We coordinate the phase 1 and phase 2 audits with the certification body. ISO 27001 certificate obtained.

Free diagnosis

We tell you which ISO 27001 controls you already meet without knowing it.

If you're being pushed to get certified - a client, a tender, a security questionnaire that keeps growing - you probably already meet more controls than you think. Whether you're a law firm, a consultancy or a tech SME, tell us your situation and we'll map it out for you.

The free diagnosis

We review your current operations and send you in writing which ISO 27001 controls you already meet and which ones you're missing. No commitment.

The follow-up call (optional)

If you want to go further, in 30 minutes we give you a timeline and cost tailored to your company and explain whether NIS2 affects you and how it relates to ISO 27001.

ISO 27001 Certification for Tech Companies · gigson solutions