
ISO Consulting Services Built Around Your Commercial Goals

At A Glance

  • Three Services: ISO 27001 implementation, ISO 42001 AI governance, and independent internal audit.
     

  • Three Tiers: Bronze (readiness assessment), Silver (assisted implementation), and Gold (consultant-led).
     

  • Where: Based in the UK, working with clients across EMEA.
     

  • Starting Point: Free 20-minute scoping call.
     

Every engagement starts from the same question: What commercial outcome are you trying to unlock? Whether it's a contract, a funding round, board sign-off, or supplier approval, the ISO work exists to get you where you need to be.

ISO 27001 Implementation and Readiness

Build an Information Security Management System that passes audits and wins deals.
 

  • Enterprise Procurement: Large buyers mandate ISO 27001 for vendor approval.

  • Investor Due Diligence: A recognised framework for protecting IP and customer data.

  • Regulatory Pressure: Rising expectations in FinTech, MedTech, and regulated sectors.
     

Typical clients: Post-seed and Series A startups, university spin-outs, and established tech firms.
 
Learn more about ISO 27001 consulting →

ISO 42001 and Responsible AI Governance

Govern AI products and systems to a standard boards and regulators can trust.

  • EU AI Act Readiness: A structured response to emerging compliance obligations.

  • Board Assurance: Evidence-based governance, not just ethics statements.

  • Integration with ISO 27001: Extends your existing ISMS to cover AI-specific risks.


Typical clients: Enterprises launching AI products, universities with AI programmes, and AI-native tech firms.

Learn more about ISO 42001 and AI governance →

Independent Internal Audit

Objective assurance that your management systems actually work.
 

I provide independent internal audits for ISO 27001 and ISO 42001 as a certified Lead Auditor. My reports are delivered to boards and audit committees and are designed to surface what is actually happening, not confirm what people hope is true. To maintain strict impartiality, I do not audit any management system I have designed within the same cycle.
 

  • Enterprises with existing security teams needing external validation.

  • Organisations approaching surveillance or recertification audits.

  • Boards requiring independent assurance for risk committees.



Learn more about internal audit services →

Service Tiers

Bronze

Readiness & QuickStart: Scoping workshops, gap analysis for ISO 27001 and ISO 42001, certification roadmap, 90-day quick wins, core policy suite, and starter risk register.

Silver

Assisted Implementation: Everything in Bronze, plus Statement of Applicability, full risk assessment, asset register, 20–30 tailored documents, implementation workshops, staff training (up to 25 people), pre-Stage 1 review, Stage 1 audit liaison.

Gold

Consultant-Led & Strategy: Everything in Silver, plus ISO 42001 integration, one full internal audit cycle, management review facilitation, investor/board summary pack, training (up to 60 people), supplier risk management setup, Stage 2 audit support, three months post-certification GRC support.

How Engagements Work

  • Scoping Call (20 minutes - free): You tell me the commercial driver, the deadline, and the goal. I give you an honest view.

  • Proposal: Clear scope, deliverables, timeline, and fee. No hidden costs.

  • Delivery: Regular checkpoints and direct access to me throughout the project.

  • Audit Readiness: Documentation, evidence, and your team prepared for the certification body assessment.



Book a 20 minute scoping call
