ISO/IEC 27001 – Information Security Management
Establish, implement, maintain and continually improve an information security management system aligned with risk and business context.
Our services
Certification for high-growth organisations
We help technology-driven organisations design, implement and certify information security management systems against ISO standards, with minimal disruption.
Certification & audit services
- Initial certification audits for ISO/IEC 27001-based management systems.
- Surveillance audits and recertification audits.
- Combined audits where ISO/IEC 27017 and ISO/IEC 27018 are applied.
- Gap assessments and readiness reviews prior to certification.
- Transfer of existing certificates from other certification bodies (where appropriate).
Important: Audit Span is in the process of gaining UKAS accreditation. Any ISO/IEC 27001 certificates we issue are not yet UKAS accredited. We will clearly communicate our accreditation status at every stage of your engagement.
Who we work with
Our services are tailored for modern, cloud-native organisations:
SaaS & product companies
Fintech & payments
Healthtech & med-tech
AI & data platforms
Managed service providers
We understand regulatory drivers (such as GDPR), customer assurance demands and investor expectations, and we calibrate our audit approach to your stage of growth.
Standards
Focus standards
Learn more about the specific standards we certify against:
ISO/IEC 27017 – Cloud Security Controls
Reinforce your 27001 controls with cloud-specific good practice and clear allocation of responsibilities between provider and customer.
ISO/IEC 27018 – Protection of Personal Data in the Cloud
Demonstrate strong controls for protecting personally identifiable information when you process it in public cloud environments.