ISO/IEC 27001 & ISMS for companies that want to get serious.
Security is not just one more firewall, but a management system. I help companies design, implement, and maintain an ISMS based on ISO/IEC 27001, with a concrete, sustainable, and business-aligned approach.
What I can do for your company.
From first steps with a gap analysis to preparation for ISO/IEC 27001 certification: the path is modeled on the real context of your organization, without unnecessary overhead.
Gap Analysis ISO 27001
Analysis of the current state compared to ISO/IEC 27001:2022. Evaluation of documentation, technical controls, processes, and risks, with a clear roadmap of what is missing to be aligned with the standard.
Output: gap report, priority list, compliance plan.
Full ISMS Implementation
Design and implementation of the Information Security Management System: scope, risk assessment, treatments, Annex A controls, policies, procedures, and all necessary documentation.
Output: operational ISMS, defensible before auditors and clients.
ISO 27001 Certification Preparation
End-to-end support to arrive ready for the certification body audit: internal audits, non-conformity management, documentation refinement, evidence, and support during the visit.
Output: 'audit-ready' company, without last-minute rushes.
Risk Management & Virtual CISO
Risk register management, periodic updates, support to management on strategic security decisions, and continuous alignment with ISO 27001, NIS2, and international best practices.
Output: a single contact for security, governance, and technical decisions.
‘ISO Starter’ packages for SMEs.
Not all companies need (or want) to be certified immediately. ISO Starter packages serve to bring order, reduce risk, and create a solid base, leaving the door open for future certification.
ISO Starter 1
Basics & Awareness
For small entities that want to start structuring security without overhauling everything.
- ‘Light’ gap analysis
- Initial risk register
- 3 basic policies (security, access, backup)
- 12-month mini-roadmap
- 1-hour training session
Approximate: from 1.200€
ISO Starter 2
Evolving SME
For companies that want a solid security structure, already aligned with ISO 27001 logic.
- Full gap analysis
- Risk register & treatments
- Preliminary SoA
- 6 core policies
- Incident & Change Management procedures
- Basic supplier assessment
- 12-month roadmap + training (2h)
Approximate: 2.800€ – 3.500€
ISO Starter 3
ISO-Ready
For companies that want to be ready for ISO/IEC 27001 certification without wasting time and budget.
- Everything in Starter 2
- Full SoA
- Asset register & evidence
- Full operational procedures
- Internal audit
- Certification audit preparation
- Support on technical controls & OWASP
Approximate: 5.500€ – 8.000€
Why trust Cusati Solutions for the ISO/ISMS part.
Technical and managerial, together.
Direct experience with development, infrastructure, cloud, and security: the ISMS doesn't stay on paper, it reflects the technical reality.
Designed for SMEs and digital companies.
Lean processes, readable documentation, attention to resources: no enterprise models dropped from above.
A single contact, end-to-end.
From the first assessment to support during the certification audit: no bouncing between different consultants.
Want to understand the right step for your company?
We can start from an exploratory call: we analyze the context, the current level of security, and evaluate if an ISO 27001 path, an ISO Starter package, or a lighter approach makes sense.
Book a consultation