Helping you with ISO 27001

We feel your pain

Achieving and maintaining ISO 27001 certification can be complex and overwhelming, but it doesn’t have to be. With our ISO training sessions, we will help you understand the ISO 27001 requirements and provide you with helpful resources.


It is quite common to establish an overly complicated, vastly documented and unnecessarily burdensome ISMS. We can provide advice about the ISO 27001 requirements with the perspective of having worked on hundreds of information security management systems. We know what good looks like!

Risk management / Controls

The ISO 27001 framework relies on an effective risk management process that should function as an important operational tool. But, too often, the ISO 27001 risk management process ends up being overcomplicated, poorly understood and only maintained to keep an auditor happy. Get it wrong and you will end up trying to implement ISO 27001 controls that are not needed. We can advise on your ISO 27001 risk assessment process, your risk treatment plan and the structure of your ISO 27001 statement of applicability.

Communication, awareness and engagement

A sign of an effective ISO 27001 information security management system is that no-one talks about it! It becomes indistinguishable from the rest of the business; it is "business as usual". We often support our clients with help and advice about how to communicate relevant information security messages, to raise and maintain information security awareness and to achieve engagement with the important ISO 27001 requirements.


Even a long-established and mature ISO 27001 ISMS needs to be continually improving. It can be difficult to achieve or evidence (those pesky auditors often ask what has been improved), but we can provide help and guidance about how to identify information security and ISMS improvement opportunities and how to structure your approach.

BS EN ISO IEC 27001:2013 provides the framework for an Information Security Management System or ISMS.

The core ISO 27001 requirements are provided in clauses 4.1 through to 10.2, and the Annex A controls you may choose to implement (based on your risk management) are listed in control groups A.5 through to A.18.

To achieve ISO 27001 certification you will need to meet all the core ISO 27001 requirements. A fundamental core requirement (6.1) is to identify, assess and make treatment decisions about your information security risks, which helps you determine what specific risk-reducing controls are required and whether the ISO 27001 Annex A controls are applicable.

Authoritative and proven support

ISO 27001 Help Sessions

Our support sessions will help to resolve your specific issues with your ISO 27001 Management System.

Sessions take place online with a video conference call using Microsoft Teams.

FREE 30 Minute Session

It's important that you trust us and that you feel we can establish a rapport.

Let's have an initial chat.

Life Belt Session (half day)

You're struggling with a few areas and we can address these in a few hours with our ISO 27001 training sessions.

Life Raft Session (full day)

You've got concerns with many areas or you're failing on critical elements. It'll take a full day to review and address these through our ISO 27001 training sessions.

ISO 27001 Lifesavers

We’re a close-knit crew who have worked together for years, providing ISO 27001 training, support and guidance.

Mike Huthnance - ISO 27001 Consultant and trainer

Mike Huthnance

ISO 27001 Lifesaver

Implementing ISO 27001 systems for clients and delivering training and ISO 27001 lead auditor services for the last 15 years.

Jon Robinson - ISO 27001 Consultant and trainer

Jon Robinson

ISO 27001 Lifesaver

Implementing ISO 27001 with clients for the last 4 years as part of Orbit and lead auditor for a UKAS accredited certification body.


ISO 27001 - Recent Articles

ISO 27001 ISMS Scope

Defining the scope of your ISMS is a crucial part of your early system planning as it establishes the foundation for all other activities during the ISMS implementation including the effective identification of relevant risks and the determination of necessary risk-reducing controls.

ISO Coaching and Support

After years of talking about it and many months of planning it, we’re delighted that our remote ISO 27001 and ISO 45001 coaching and support

Benefit from our expert ISO training and support

Start making progress today

We offer one-to-one tailored ISO training sessions, via video calls, that will resolve your specific ISO 27001 ISMS or ISO 45001 OH&S issues.

Get started with a FREE support session, or subscribe to get regular information, resources and tools.