ISO27001 Advantage: Complete Implementation Programme
Everything you need to achieve certification in 6 months
Our ISO27001 Advantage programme is specifically designed to make ISO 27001 certification straightforward for small businesses. It is led by ISO 27001 experts who have helped dozens of organisations achieve certification successfully.
Unlike traditional consulting that charges by the hour with no guarantee of success, our fixed-price programme includes everything you need from initial assessment through to certification.
What’s Included in ISO27001 Advantage?
Clear Roadmap and Guidance
We provide you with a structured roadmap that outlines the step-by-step process of implementing ISO 27001 within your business. Our expert guidance ensures that you have a clear understanding of each phase, allowing you to progress smoothly and confidently toward certification within your timescale.
Template Documents and Training Portal
As part of the programme, you will have access to a comprehensive set of documents, policies, and procedures with step-by-step instructions on how to modify them for your business, saving months of development time. Our training portal provides clear explanations and instructional videos to ensure you understand what you’re implementing, not just copying documents blindly. These resources have been implemented in a number of businesses that have achieved certification.
Weekly Accountability Calls
Regular check-ins keep your project moving forward and address issues before they become roadblocks. Most ISO 27001 implementations fail due to lack of momentum – our weekly calls ensure consistent progress and provide immediate answers to questions as they arise. The regular check-ins keep you motivated, accountable, and on track towards your certification goal.
Internal Audit Support
You will need a full suite of internal audits to be able to progress to certification and our team ensures it meets auditor expectations while highlighting areas for improvement. This helps to identify any gaps before your certification audit, eliminating surprise failures. Our internal audit team is very experienced and provides an objective assessment of your ISMS.
Management Review Meetings
Our programme includes attendance at two Management Review meetings to ensure compliance with ISO 27001 standards. These meetings provide an opportunity for the organisation to review progress, discuss improvements, and demonstrate commitment to maintaining information security within the business. These meetings are often where implementations fail – we ensure they’re conducted correctly the first time.
Risk Management Meetings
We assist you in conducting two risk assessment meetings, which are a critical component of ISO 27001 compliance. Our experts will guide you through this process, helping you identify the most effective risk process for your business and then document vulnerabilities, assess risks, and implement necessary controls to enhance your information security practices. Risk Management is a key part of the implementation process and it should be a simple-to-follow process.
Comprehensive Staff Training
Your entire team needs to understand their role in information security, creating genuine compliance rather than just documentation. We provide specific training so everyone from management to front-line staff knows their responsibilities and how to maintain and operate your ISMS.
Unlimited Email Support
Quick answers to questions prevent delays and ensure consistent implementation across your organisation. Rather than waiting for scheduled calls, you get prompt responses to keep your project moving and resolve issues as they occur.
Personal Audit Support Value £3000 – Included at no extra cost
We attend both your Stage 1 and Stage 2 certification audits with you, providing real-time expert guidance and support when it matters most. Most consultants charge extra for audit attendance or don’t offer it at all – we include it because we’re committed to your certification success and to supporting you all the way to certification.
Why Choose Us?
100% Certification Success Rate
Every client who has completed our ISO27001 Advantage programme has achieved certification on their first attempt. This isn’t luck – it’s the result of our proven approach, comprehensive support, and expert guidance throughout the entire process.
Expert Team with Real-World Experience
Audit & Risk Professionals is led by specialists who understand ISO 27001 inside and out. Lesley leads the ISO27001 implementation programmes and brings expertise in making it easy to understand and undertake. With over 25 years’ experience in process improvement combined with 18 years in data protection compliance, our team has the knowledge and practical experience to guide you successfully.
Complete Support, Not Hourly Consulting
Unlike traditional consultants who charge by the hour with no guarantee of success, our fixed-price programme includes everything you need. No surprise costs, no open-ended timelines, no risk of project overruns.
Small Business Focus
We specialise in working with small businesses and understand your unique challenges – limited time, tight budgets, and the need to keep operations running smoothly while implementing new systems.
Testimonials
“Lesley Cooley has proved to be an invaluable asset to our company in the ISO27001 process. Her knowledge and ability to understand the needs of the business were paramount to us achieving certification. She was there throughout the whole process to provide guidance and support and certainly helped to engage and energise all of our staff throughout the process.”
“Lesley, you have honestly been such a wonderful part of the team, and will forever have an important part in our story”
“We appointed Lesley to help us on our compliance journey after searching for some time for a qualified advisor who truly understood the complex nature of our data landscape. Lesley has demystified and broken down the requirements and her pragmatic and grounded approach has put us well on track to hit the compliance deadline. I would recommend Lesley to any small or medium sized organisation seeking an experienced and practical consultant.”
Frequently Asked Questions
We can’t guarantee your success – that depends on your commitment to following the programme and doing the work.
However, our programme has a 100% success rate because we know exactly what works. Every business that has fully engaged with our programme, attended the weekly calls, implemented our guidance, and completed the required activities has achieved certification on their first certification audit. We provide the proven roadmap and support – your success comes from following it.
Once you have received your certification, you need to continue to undertake the various requirements to meet the standard. One of the key elements of ISO27001 is continuous improvement so you will need to demonstrate that you continue to meet the required standard and improve your ISMS throughout the year. After certification, there will be an annual audit, called surveillance, for two years before your business will be re-certified in year 3.
We have worked with clients who have achieved ISO 27001 in 3 months and others who have taken a year to obtain it.
Our ISO27001 Advantage programme typically runs for 6 months. The weekly calls are just 60 minutes, and you control the pace of implementation. Some clients complete it faster, others need a bit longer but the aim is to obtain certification within 6 months. If you are able to tailor documents and get the evidence to support the certification in place, then you can achieve the certification quicker.
ISO27001 Advantage is a very comprehensive implementation programme, but there are still things that the in-house team will need to do, including:
- Attending the weekly group Zoom Calls to stay on track
- Amending our documents to include specifics about your company
- Selecting a certification body
- Establishing a Management Review Committee and attending meetings
- Establishing a Risk Management Committee and attending meetings
- Attending Internal Audits
- Providing evidence that the ISMS is working
- Attending training sessions
- Sending out our prepared Awareness Campaigns
Templates are just the starting point. ISO 27001 requires specific parts of your ISMS to be documented, and our templates cover all these requirements. However, you also get detailed guidance on how to customise them for your business, plus access to our training portal explaining what each document does and why it’s needed. Most importantly, templates alone won’t get you certified – you need the implementation support, staff training, internal audits, and expert guidance to ensure everything works together as a complete management system.
We cannot certify you, so you will need to select a certification body to check that you have implemented ISO27001. This involves 2 audits. The first is called a phase 1 audit, where you are reviewed to see how well you comply with the standard. At this audit you are generally not expected to have everything in place. Then there is a Stage 2 audit, where you will receive your certification if successful. For the Stage 2 audit you need to be meeting the standard required for certification. If you do not meet the standard at the Stage 2 audit, you may be given a short period of time, 2-3 weeks, to get the missing elements in place.
There are weekly group Zoom calls for the implementation phase. These set out what you need to do each week and can answer any questions you may have about the programme for that week. If you are stuck between calls, you can just drop the team an email and we’ll respond as quickly as possible. We’re committed to ensuring you never feel stuck or uncertain about what to do next.
Yes, attendance at weekly calls is essential for programme success. The weekly calls keep your project on track, address issues before they become problems, and ensure you’re progressing toward certification. Staff training is mandatory for ISO 27001 compliance – your team needs to understand their roles in information security. Our 100% success rate comes from clients who fully commit to the programme requirements, including these key actions.
About me
I’m Lesley Cooley, and when I’m not helping businesses navigate ISO 27001, you’ll find me walking my beloved dog Riley and my puppy Evie. Those walks often help me unwind and think through new ways to simplify complex processes for my clients. Fair warning – Evie has been known to make surprise appearances on Zoom calls!
My ISO 27001 Story
My journey into information security started quite by accident. Back in 2018, a company I worked for desperately needed ISO 27001 certification to keep a major client. If they didn’t get certified, the client would stop working with them – and I had witnessed this happen before in previous roles.
What struck me was how unnecessarily complicated the whole process seemed. The standard reads like it was written by lawyers for security experts, yet small businesses with no dedicated compliance teams were expected to implement it. There had to be a better way.
The Lightbulb Moment
After diving deep into the requirements and completing my Security Auditor training, I realized the gap wasn’t in the standard itself – it was in how it was being explained and implemented. Small businesses needed someone who could translate the jargon into practical, actionable steps.
My Approach
I’m someone who believes in plain talking and practical solutions. Whether I’m figuring out the best walking route for Riley and Evie or solving a client’s compliance challenge, I look for the most straightforward path to get the job done properly.
Why This Matters to You
That same approach is exactly how I’ve designed our ISO27001 programme. No unnecessary complexity, no consultant-speak, just a clear path from where you are now to certification success.
So in a nutshell, I’m Lesley – plain-talking, thoughtful and dedicated to my clients’ success. My own ISO 27001 journey fuels my passion for making the process easier for others.