ISO 27001 & ENS Audits

From zero to certified, without the pain

We take you by the hand through the entire ISO 27001 or ENS certification process: diagnosis, plan, control implementation and external audit support. You can be certified in 6 months.

Two certifications, two reasons

Do you need ISO 27001, ENS, or both?

Choose the certification that matches the customer you target. If you work with public administrations, ENS is mandatory; for the private market or international expansion, ISO 27001 is the de facto standard.

ISO 27001:2022

International information security management standard. Essential to scale globally or work with large corporations.

  • International recognition
  • 93 controls in Annex A
  • Initial audit + annual surveillance
  • 3-year validity

National Security Framework (ENS)

Mandatory for technology vendors of the Spanish public sector. Three categories: Basic, Medium and High based on data criticality.

  • Mandatory for Spanish public sector
  • Basic, Medium and High categories
  • Self-declaration or full certification
  • Framework based on RD 311/2022

Why choose us

Consulting that ends with the certificate, not the report

Too many consultancies leave you halfway through with a stack of documents. We commit to the result: the certification.

Certification guarantee

If you do not pass the external audit, we refund part of the fees. It has never happened, but the commitment matters.

Practical documentation

Short, clear and applicable policies and procedures. Not "200-page manuals nobody reads".

Predictable timeline

Average 6 months for ISO 27001 from scratch, 4 months for ENS Medium. Plan with weekly milestones.

Certified team

Auditors with CISA, ISO 27001 LA, CISSP, ENS. Not textbook theory — real experience across dozens of programmes.

Ongoing maintenance

Your certification lasts 3 years with annual audits. We help you keep it alive without extra effort.

Fixed price

Fixed quote, no surprises. We tell you exactly what it costs before starting and that is what you pay.

Certification roadmap

You will always know where you stand

Phases completed, controls deployed, open findings and days to external audit. No surprises, no "we are almost there".

audit.izuuk.com / iso-27001 / roadmap

ISO 27001:2022 · 64% complete · Audit in 47 days

  • Diagnosis: Mar 12
  • Master plan: Mar 26
  • Documentation: Apr 18
  • Implementation: in progress
  • Internal audit: May 28
  • Certification: Jun 12

Annex A · 93 controls

  • Implemented and validated: 59/93
  • Being implemented: 17
  • Awaiting evidence: 12
  • Not applicable (justified): 5

Open findings

  • [!] Outdated key management policy (A.5.17)
  • [!] Missing Q1 training evidence (A.6.3)
  • [i] Improve logs in XYZ system (A.8.15)
  • [i] Backups: review DR frequency (A.8.13)
  • MFA on critical access (closed)

  • Fri 29: Workshop with process owners · validate procedures A.5.10–A.5.15 (Pending)
  • Thu 28: Remote work policy approved · signed by management (Closed)

The process

From zero to certified in 6 phases

PHASE 1 Gap analysis (3-4 weeks)

Diagnosis of your current situation against the standard's controls. We identify what you have, what is missing and the effort to close the gap.

PHASE 2 Master plan (2 weeks)

Detailed roadmap with owners, deadlines, deliverables and follow-up meetings. Approved with management before kicking off.

PHASE 3 ISMS documentation (4-6 weeks)

Drafting of policies, procedures, technical instructions and records. Tailored to your operational reality, not internet copy-paste.

PHASE 4 Control implementation (8-12 weeks)

Technical and organisational rollout of required controls. We coordinate IT, HR and vendors. We generate the necessary evidence.

PHASE 5 Internal audit (2 weeks)

We simulate the external audit. We identify nonconformities and close them before they cost you.

PHASE 6 External audit and certification

We support you throughout the audit with the certifying body (Aenor, BSI, Bureau Veritas, etc.). We resolve issues on the spot so you earn the certificate.

Do you have an RFP that requires ENS or ISO 27001?

Let's talk about real timelines and see if we can make it. We have certified clients in less than 4 months when needed.

FAQ

Frequently asked questions about audits

There are two costs: our fees (consulting) and the external certifying body fees. For a 50-employee SME, all-in (ISO 27001), it is usually around €12,000-22,000 in year one. We give you a fixed quote after the initial diagnosis.

On average 6 months for ISO 27001 from scratch, 4 months for ENS Medium. If you have some maturity in place, we can move faster.

No. We start from wherever you are. If you have something, we use it; if not, we build it together. No judgement.

An accredited certifying body (independent from us). We recommend the ones that best fit your size and sector, but the choice is yours.

Yes. The certification lasts 3 years with annual surveillance audits (lighter ones). We offer an annual maintenance service to make renewal a formality.