ISO/IEC 27001:2022 · Information Security Management
Framework Landing Page

ISO 27001 certification — faster and leaner than you think.

End-to-end ISO 27001 implementation and certification support. From gap analysis to passing your Stage 2 audit — we guide East African organisations through every step, without the bloated consulting retainers.

Avg. time to certification: 6–9 months
First-time pass rate: 100%
Certifications supported: 50+

The global standard for information security management.

ISO/IEC 27001:2022 is the internationally recognised standard for establishing, implementing, and continually improving an Information Security Management System (ISMS). Certification signals to clients, investors, and regulators that you manage information security systematically and rigorously.

Win enterprise contracts

Most enterprise procurement teams require ISO 27001. Certification unlocks RFPs you currently cannot bid on.

Satisfy investor due diligence

Series A–C investors increasingly expect ISO 27001 as evidence of operational maturity and risk management.

Reduce breach risk structurally

A properly implemented ISMS identifies and remediates your highest-risk areas before attackers find them.

ISO 27001:2022 at a glance
Annex A controls: 93
Current standard version: 2022
Certification validity: 3 years
Surveillance audits: annual
Recognised in: 150+ countries

From gap analysis to certificate — a structured six-phase programme.

We handle the methodology, documentation, and audit preparation. Your team keeps building your product.

01. Gap Analysis & Scoping (2–3 weeks)
We assess your current security controls against ISO 27001:2022 requirements, define the ISMS scope, and produce a prioritised gap report with a clear remediation roadmap.

02. Risk Assessment & Treatment (3–4 weeks)
Structured risk assessment across your in-scope assets. We identify threats, vulnerabilities, and likelihood — then build your Risk Treatment Plan and Statement of Applicability.

03. Policy & Control Implementation (6–10 weeks)
Development of your full ISMS policy suite (40+ documents), implementation of Annex A controls, and technical security hardening aligned to your infrastructure.

04. Staff Awareness & Training (2–3 weeks)
ISO-aligned security awareness training for all staff, role-specific training for key personnel, and executive briefings for the leadership team.

05. Internal Audit (2–3 weeks)
Full internal audit against ISO 27001:2022 requirements, management review facilitation, and corrective action closure — preparing you for the external audit with confidence.

06. Certification Audit Support (3–4 weeks)
We liaise with your chosen certification body, manage Stage 1 and Stage 2 audit preparation, attend the audit alongside your team, and handle any nonconformities.

Every deliverable you need — nothing you don't.

ISMS Policy Suite
40+ policy and procedure documents covering all ISO 27001 domains — tailored to your organisation, not off-the-shelf templates.

Risk Register & Treatment Plan
Structured risk assessment with threat and vulnerability mapping, risk scoring, and a prioritised treatment plan with ownership and timelines.

Statement of Applicability
Complete SoA documenting your selection, justification, and implementation status for all 93 Annex A controls — audit-ready from day one.

Internal Audit Report
Full internal audit findings, nonconformity tracking, corrective action plans, and management review records — all required for certification.

Certification Body Liaison
We handle the certification body selection, application, and coordination — and attend the Stage 1 and Stage 2 audits alongside your team.

12-Month Surveillance Support
Post-certification support to maintain your ISMS, prepare for annual surveillance audits, and keep your documentation current as your organisation evolves.

ISO 27001 questions, answered honestly.

How long does ISO 27001 certification take?

For most East African organisations, 6–9 months is realistic from kick-off to certificate. Smaller organisations with simpler IT environments can move faster (4–6 months). Larger or more complex organisations may need 9–12 months. We set a realistic timeline during gap analysis and hold to it.

Do we need to hire new staff for ISO 27001?

No. SecureZaidi functions as your external ISMS implementation team. We provide the expertise — gap analysis, policy writing, risk assessment, internal audit, and audit support. Your team provides context and approvals; we do the heavy lifting.

How much does ISO 27001 certification cost?

Total cost depends on your organisation's size, complexity, and current security maturity. Our fees cover the implementation engagement. Certification body fees (typically $3,000–$8,000 USD for SMEs) are separate. We provide a fixed-fee proposal after the initial gap assessment.

What's the difference between ISO 27001:2013 and ISO 27001:2022?

The 2022 update restructured Annex A from 114 controls across 14 domains to 93 controls across 4 themes, and added 11 new controls. If you're starting fresh, we implement 27001:2022 from day one. If you're transitioning from 2013, the transition deadline was October 2025 — we can help you assess your remaining gap.

Can we pursue ISO 27001 and Kenya DPA compliance simultaneously?

Yes — and there are significant overlaps. ISO 27001 controls around access management, data handling, and vendor management directly support Kenya DPA compliance. We routinely run joint programmes that achieve both efficiently, reducing duplicated effort by around 40%.

Ready to start your ISO 27001 journey?

Book a 15-minute scoping call. We'll review your current posture, estimate your gap, and give you a realistic timeline and cost — no commitment required.

15 min · Free · No sales pitch