Portlanders Services
ISO 27001 Information Security Management

Protect your organisation's data, demonstrate cybersecurity compliance, and build client confidence with the global benchmark for information security.

What Is ISO 27001?

ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS). It provides a systematic approach to managing sensitive company information — ensuring it remains secure through risk management, security controls, and continual improvement.

Any organisation that handles sensitive data — client information, financial records, personal data, or intellectual property — benefits from ISO 27001. It is increasingly required by enterprise clients, government tenders, and regulated industries including finance, healthcare, and technology.


Why Portlanders Services?

Our Principal Consultant is a certified Lead Auditor for ISO 27001 with over 23 years of practical implementation experience. We've guided organisations through every stage — assessment to certification — and beyond.

Business Benefits

Why get ISO 27001 certified?

  • Protect sensitive client data and intellectual property
  • Demonstrate cybersecurity compliance to clients and regulators
  • Meet the requirements of the Nigeria Data Protection Act (NDPA)
  • Reduce the risk of costly data breaches and ransomware
  • Qualify for enterprise and government contracts requiring an ISMS

Certification Journey

Our step-by-step process

Step 01: Scope Definition (1 week)

Define the boundaries of your ISMS — which systems, locations, and information assets are in scope.

Deliverables:
  • ISMS Scope Document
  • Context of Organisation Analysis
  • Interested Parties Register

Step 02: Risk Assessment (2–3 weeks)

Identify information assets, threats, vulnerabilities, and risks. Determine appropriate treatment for each risk.

Deliverables:
  • Asset Register
  • Risk Assessment Methodology
  • Risk Treatment Plan

Step 03: Controls Selection (2–3 weeks)

Select applicable security controls from ISO 27001 Annex A and document your Statement of Applicability.

Deliverables:
  • Statement of Applicability (SoA)
  • Control Implementation Guide
  • Security Policies

Step 04: Documentation & Implementation (4–8 weeks)

Develop all required ISMS policies, procedures, and records. Deploy selected controls across the organisation.

Deliverables:
  • ISMS Policy Suite
  • Security Procedures
  • Control Evidence
  • Staff Training

Step 05: Internal Audit (1–2 weeks)

Conduct a full ISMS internal audit, identify non-conformances, and support corrective actions before external audit.

Deliverables:
  • Internal Audit Report
  • Non-conformance Register
  • Corrective Actions

Step 06: Certification Audit (2–4 weeks)

Prepare for and support you through the two-stage external certification audit — Stage 1 (documentation review) and Stage 2 (implementation audit).

Deliverables:
  • Pre-audit Review
  • Stage 1 & 2 Support
  • Certificate Achievement

What ISO 27001 Requires

  • Information security risk assessment and treatment
  • Security controls aligned to Annex A (93 controls in the 2022 version)
  • Asset inventory and classification
  • Incident management and business continuity procedures
  • Regular internal audits and management reviews

Ready to achieve ISO 27001?

Fixed fee. Trouble free. Get a no-obligation quote today.
