Gap Analysis, Implementation
& Certification Readiness
From initial gap analysis to audit-ready management systems — practical, structured support for ISO 27001 and ISO 9001 certification journeys.
the Unnecessary Overhead
ISO certification is a significant undertaking — and the organisations that struggle with it usually do so because they've approached it as a documentation exercise rather than a management system implementation. The standard requires genuine operational change, and that change needs to be governed effectively to deliver certification that lasts.
Fredian Shield supports organisations through every stage of the ISO compliance journey — from understanding the gap between where you are and where the standard requires you to be, through to building the management system, policies, and operational controls that will satisfy a certification body.
We bring practical experience of implementing ISO 27001 in complex organisational environments, with an approach that builds real capability rather than paper compliance.
The international standard for information security management systems (ISMS). Covers risk assessment, controls, and the management framework required for certification.
The international standard for quality management. Covers customer focus, process approach, continuous improvement, and the documented system required for certification.
An extension to ISO 27001 covering privacy information management — particularly relevant for organisations subject to GDPR and similar data protection obligations.
Gap Analysis & Readiness Assessment
A structured review of your current position against the requirements of the relevant standard — identifying gaps, assessing risk, and producing a prioritised action plan. The output gives leadership a clear picture of the effort, scope, and timeline required for certification.
Management System Implementation
Design and implementation of the management system the standard requires — including scope definition, context of organisation, risk assessment methodology, statement of applicability (ISO 27001), and the documented processes that auditors will review.
Policy & Procedure Development
A complete set of policies and procedures that meet standard requirements and are practical for your organisation to implement. Written to be followed, not to pass an audit — and reviewed with operational teams to ensure they reflect how the organisation actually works.
Internal Audit & Certification Readiness
Preparation for the Stage 1 and Stage 2 certification audits — ensuring your management system, documentation, and operational evidence are in the shape a certification body expects. We conduct internal audits, identify remaining gaps, and prepare your team for the external assessment.
A management system and documentation suite designed to pass Stage 1 and Stage 2 assessment — not just look like it might.
An ISMS that actually improves your security posture — not just a document set that ticks certification boxes.
A policy suite that staff can follow and that reflects how your organisation actually operates.
The internal audit processes and management review structures to maintain certification year on year.
Starting Your ISO Journey?
Start with a gap analysis conversation. We'll give you a clear picture of where you stand and what certification actually requires from your organisation.
Get in Touch