ISO 27001 Certification

What is ISO 27001 certification?

Increasing pressure from regulators, clients and the public for better assurances about the way in which organisations manage confidential and sensitive data has resulted in rapid growth of certification to ISO 27001.

ISO 27001 is the international standard that lays out the specifications for implementing an ISMS (information security management system). An ISMS can be audited by an independent CB (certification body) as a way to assess whether it conforms to the requirements of the Standard.

ISO 27001 and ISO 27002 2022 updates

ISO/IEC 27001:2022 – the newest version of ISO 27001 – was published in October 2022.

Organisations that are certified to ISO/IEC 27001:2013 have a three-year transition period to make the necessary changes to their ISMS (information security management system).

For more information about ISO 27001:2022 and its companion standard, ISO 27002:2022, and what they mean for your organisation, please visit "ISO 27001 and ISO 27002: 2022 updates".

How long does ISO 27001 certification last?

Once certification is granted it is valid for three years, although the ISMS will need to be managed and maintained throughout that period. Auditors from the CB will continue to conduct surveillance visits every year while the certification is valid. 

How we can help you get certified

No matter your business or location, our team can help you implement an ISO 27001-compliant ISMS. Our unique combination of practical information security know-how and management system expertise, reinforced by years of experience and understanding what auditors expect, means you can apply for certification with your chosen accreditation body with confidence. 

For more information, you can download our consultancy brochure.

Explore the benefits of achieving ISO 27001 certification

Learn more about the benefits of ISO 27001 certification in our free green paper: Information Security & ISO 27001: An introduction

Other ways we can help you prepare for certification

In addition to our bespoke ISO 27001 consultancy service, we offer a range of fixed-price services to meet any of your implementation requirements.

Gap analysis Tool

This tool lists all of the requirements from ISO 27001:2013, against which you can assess your current state of compliance.


Reach ISO 27001 certification readiness in just three months (small organisations only).

ISO 27001 Toolkit

With this toolkit, you will have all the direction and tools at hand to streamline your ISO 27001 certification project.

DIY consultancy

Consists of core implementation tools, books, risk assessment software, training courses and 40 hours of structured consultancy.

LiveOnline Consultancy

Providing quick, expert online consultancy support on specific issues whenever you need guidance with your ISO 27001 project.

Why use IT Governance for your certification needs?

Drawing on our unique blend of practical cyber security know-how and proven management system consultancy expertise, our team will work with you to implement an ISO 27001-compliant ISMS quickly and without hassle, no matter where your business is located.

Our pricing and proposals are completely transparent, so you won’t get any surprises.

You can keep control over your ISMS because we teach you how to maintain it following certification*.

Our implementation methodology has been honed over 15+ years.

We support independently accredited certification – you can use the certification body you want.

We are known as global authorities on ISO 27001: our management team led the world’s first ISO 27001 certification project.

We have a proven and pragmatic approach to assessing compliance with international standards, no matter the size or nature of your organisation.

You receive crucial input to help you develop a business case, allowing you to secure the necessary information security investment.

If you follow the advice of our consultants, you are assured of a 100% guarantee of successful certification.

Some of our clients

We’ve helped more than 400 organisations across many different industries and sectors achieve ISO 27001 certification.

What our clients say

“Having IT Governance on hand to guide our swift adoption of the ISO 27001 standard and provide ongoing expert support has been invaluable. They really understood the needs of a technology enterprise like ours.”

Paul Green, Wirefast

“I would have no hesitation in recommending IT Governance to others. The main advantage was their flexibility. IT Governance tailored their services (whether it be training or consultancy) to our specific needs.”

Paul Berry, Senior Project Manager, Martin Dawes Solutions

“On behalf of myself and colleagues, a sincere thank you for all your input helping us achieve certification to the ISO 27001 standard. Here we are, just 6 months after we started the project and the outcome has been described by the auditor as ‘a delight to audit’. Much of this has been down to the mentoring and coaching style IT Governance has used to steer us to our goal.”

David Gilbert, Global Business Development Manager at Goal Group of Companies

For more client testimonials and details of projects we’ve undertaken, please see our consultancy case studies page.

Deep technical expertise. Business-focused results.

We combine deep technical expertise and ISO 27001 best practice with a practical understanding of the realities of running a business. We’ll help you transform your information security by working closely with you to achieve your goals.

For more information, download our free ISO 27001 consultancy brochure.

Speak to an expert

Please contact our team for advice and guidance on our ISO 27001 products and services.
