An ISO 27001 certification within 3 to 6 months

In the free and non-binding initial consultation (approx. 20 minutes), we determine your individual situation, answer your questions and discuss the ISO 27001 certification process with PCG.

You will receive all the information you need to decide whether it makes sense to take the next step. If we both feel that we are a good fit, we will arrange an appointment for a free 45-minute strategy and demo session.

From this non-binding meeting, you will take away the Compliance-as-a-Service strategy to prepare your organization for ISO 27001 certification in 3 to 6 months with a 100% success guarantee. 

Our focus is on tech and software companies that already rely on cloud technology. These can be start-ups, scale-ups or even SMEs.
Do you want to achieve your ISO 27001 certification within 6 months, be (at least) one step ahead of the competition, win new, larger customers and accelerate your sales processes? Then we are the right partner for you!
Our experts will prepare you for your audit with tailored coaching. 100% success rate guaranteed!

ISO 27001 certification is a customized project that requires different levels of effort depending on the complexity of the processes, number of employees, IT infrastructure, physical locations and services and products offered. We therefore conduct a so-called ‘GAP assessment workshop’ with each customer before the actual project starts. Together, we analyse your company's situation, internal and external expenses and develop an implementation strategy.

Our service delivery covers 7 steps: 
1. Gap Assessment: we carry out a extensive analysis of your current security protocols. We identify gaps and create a detailed maturity report. This report serves as the basis for our action plan and ensures a clear path to your ISO certification.

2. Software and Tool Integration: We integrate our ISMS tool for compliance management into your systems and ensure technical readiness.
3. Regular Jour Fixe Meetings: We meet weekly for a well-structured analysis of project dynamics. Thus, we evaluate the progress and address challenges as they arise.


4. Expert Support: A team of experts supports you throughout the entire implementation process and offers practical support for all technical, organizational and process-related topics.


5. Internal Audit: A comprehensive internal audit optimally prepares you for the external certification. Using our specialized toolkit, we evaluate the effectiveness of your security mechanisms, identify any gaps and eliminate them. This guarantees a 100 % success rate in the external audit!


6. External Audit Briefing: With our support, your entire team is perfectly prepared for the external audit. We provide support throughout the entire process and ensure that you will pass the audit at the first attempt. This includes customized expert briefings for everyone involved, from office staff to the IT department and management, and ensures, that the external audit runs smoothly.


7. Final External Audit: During the external audit, you can rely on our standby service. Our experts respond immediately and are on hand to answer any urgent questions that may occur.

ISO 27001 is a certifiable international standard for the operation of an information security management system (ISMS).
The ISMS enables a systematic approach to the management of information security risks according to the objectives of the company management. 

The time it takes depends on factors such as the size of the company, the complexity, the existing safety management processes and the company's experience with management system standards.

Very well-prepared projects can usually achieve ISO in 2 to 3 months. Normally, a timeframe of up to 6 months is realistic. Some companies with complex structures need 12 to 18 months to achieve ISO certification.

The costs include internal expenses (e.g. costs for implementation and ongoing operation), consultancy costs for preparation and external certification costs.

The total costs depend on the scope of the ISMS, the assessment of security risks, the resources and the project plan. The maintenance costs also include mandatory penetration tests and annual internal ISMS audits.

Our consultants will support you with:

- defining the scope of application
- designing and implementing the ISMS
- the creation of guidelines and procedures
- carrying out risk assessments
- drawing up the declaration of applicability
- monitoring employee training
- carrying out security analyses to identify gaps in the system
internal audits

ISO 27001 is largely in line with the requirements set out in the NIS2 directive. However, while it forms an essential basis for compliance with the NIS2 directive, full compliance with the NIS2 directive requires additional steps beyond ISO 27001 certification. This is due to the broader scope of NIS2 and the more stringent enforcement measures.
For the GDPR, ISO 27001 is an important factor in addressing security risks related to personal data.
To further strengthen GDPR compliance, it is advisable to supplement ISO 27001 with ISO 27701, which focuses more explicitly on privacy and data protection requirements.

Certified companies have a certificate issued by an accredited certification body. However, it is important to check the following elements:

- the version of the certificate
- the expiry date
- the certified company or group member
- the locations covered
- the scope of the certification
- the accreditation body
In addition, a copy of the declaration of applicability can be requested.

Yes, ISO 27001 certification can bring competitive advantages, such as greater efficiency, time savings in providing documentation to customers and improved security procedures. In industries where sensitive customer data is handled, it can also be an important marketing tool.

Maintaining ISO 27001 certification includes operating the ISMS tool as prescribed and keeping technical and organizational measures up to date. If necessary, due to changes in the level of risk, a measurable improvement in information security must be demonstrated annually. In addition, there is a commitment to carry out annual internal audits and to undergo annual surveillance or recertification audits.

ISO 27001 encourages a proactive approach to security, which in turn contributes to the development of mature and efficient internal processes. The focus is on continuous improvement and risk management, which increases operational maturity and streamlines workflows.

Start-ups often struggle to understand the complex requirements of the standard. It can also be challenging to provide sufficient resources and ensure a smooth process when things get complicated.

On the one hand, ISO 27001 is not just a 'ticking the boxes' exercise. On the other hand, you don't have to start building Fort Knox right away.

However, it is important to understand that neglecting the ISMS after the initial certification will lead to failure in future audits. In this case, ISO 27001 has no benefits for the company. Thus, through a combination of external expertise, audit coaching and the right automation tools, you can achieve certification much faster than with a traditional approach - and keep it alive in the long term.

ISO 27001 requires continuous commitment. Regular compliance reviews, consideration of all changes and annual audits are essential for maintaining certification in the long run.