ISO Compliance

Gap Analysis, Implementation
& Certification Readiness

From initial gap analysis to audit-ready management systems — practical, structured support for ISO 27001 and ISO 9001 certification journeys.

The Service
ISO Compliance Without
the Unnecessary Overhead

ISO certification is a significant undertaking — and the organisations that struggle with it usually do so because they've approached it as a documentation exercise rather than a management system implementation. The standard requires genuine operational change, and that change needs to be governed effectively to deliver certification that lasts.

Fredian Shield supports organisations through every stage of the ISO compliance journey — from understanding the gap between where you are and where the standard requires you to be, through to building the management system, policies, and operational controls that will satisfy a certification body.

We bring practical experience of implementing ISO 27001 in complex organisational environments, with an approach that builds real capability rather than paper compliance.

🎯
Who This Is For
Organisations pursuing certification or improving compliance maturity
📋
Standards Covered
ISO 27001 · ISO 9001 · ISO 27701 · Cyber Essentials
🏛
Governance Level
Senior Leadership · CISO · Quality & Risk Teams
💷
Engagement Model
Day-rate · Collaboratively scoped
Standards We Work With
ISO 27001
Information Security Management

The international standard for information security management systems (ISMS). Covers risk assessment, controls, and the management framework required for certification.

ISO 9001
Quality Management Systems

The international standard for quality management. Covers customer focus, process approach, continuous improvement, and the documented system required for certification.

ISO 27701
Privacy Information Management

An extension to ISO 27001 covering privacy information management — particularly relevant for organisations subject to GDPR and similar data protection obligations.

What We Deliver
The Workstreams
01

Gap Analysis & Readiness Assessment

A structured review of your current position against the requirements of the relevant standard — identifying gaps, assessing risk, and producing a prioritised action plan. The output gives leadership a clear picture of the effort, scope, and timeline required for certification.

Clause-by-clause gap analysis Risk and control assessment Prioritised remediation roadmap Effort and timeline estimate Board-ready summary
02

Management System Implementation

Design and implementation of the management system the standard requires — including scope definition, context of organisation, risk assessment methodology, statement of applicability (ISO 27001), and the documented processes that auditors will review.

Scope & context documentation Risk assessment framework Statement of applicability (ISO 27001) Management system documentation Documented processes & procedures
03

Policy & Procedure Development

A complete set of policies and procedures that meet standard requirements and are practical for your organisation to implement. Written to be followed, not to pass an audit — and reviewed with operational teams to ensure they reflect how the organisation actually works.

Information security policy suite Acceptable use policies Incident management procedures Business continuity & DR procedures Supplier & third-party policy
04

Internal Audit & Certification Readiness

Preparation for the Stage 1 and Stage 2 certification audits — ensuring your management system, documentation, and operational evidence are in the shape a certification body expects. We conduct internal audits, identify remaining gaps, and prepare your team for the external assessment.

Internal audit programme Audit findings & corrective actions Management review facilitation Stage 1 readiness review Stage 2 preparation support
What You Walk Away With
Outcomes
🏆
Certification Readiness

A management system and documentation suite designed to pass Stage 1 and Stage 2 assessment — not just look like it might.

🛡
Real Security Capability

An ISMS that actually improves your security posture — not just a document set that ticks certification boxes.

📋
Practical Policies

A policy suite that staff can follow and that reflects how your organisation actually operates.

Ongoing Compliance Capability

The internal audit processes and management review structures to maintain certification year on year.

Starting Your ISO Journey?

Start with a gap analysis conversation. We'll give you a clear picture of where you stand and what certification actually requires from your organisation.

Get in Touch