
Compliance Plan
“I can’t wait for my audit”
(said no one, ever).
What’s included
Our Compliance Plan ensures you keep audit-ready, all year round.
✅ Weekly reviews, alert checks, tuning, reporting.
✅ Ongoing updates, occasional new policies, stakeholder input.
✅ Risk reviews, new assessments, treatment tracking.
✅ Vendor reviews, questionnaires, follow-ups.
✅ Prep, delivery and gaps managed across the year.
✅ Quiet months low, incident months higher – averaged.
✅ Metrics, reporting, stakeholder comms.
✅ Prep spread across the year, with spikes near audit.
Security Tooling Oversight
What's included:
Continuous monitoring and optimisation of your core security tools to ensure they are effective, configured correctly, and actively protecting your environment.
- Weekly monitoring reports for your monitoring systems (e.g. DLP, EDR, IAM, cloud security tools)
- Review of alerts, detections, and misconfigurations
- Validation that tooling is operating as expected
- Identification of gaps or degraded controls
- Recommendations for tuning and optimisation
Policy Creation & Updates
What's included:
Creation and maintenance of your security policies to ensure they stay aligned with ISO 27001 and your actual business operations.
- Policy updates
- New policy creation
- ISO-aligned documentation
- Version control and updates
Risk Tracking & Management
What's included:
Active management of your risk register to ensure risks are identified, assessed, and treated continuously.
- Managed risk assessments
- Risk scoring and prioritisation
- Treatment planning
- Ongoing tracking and updates
Vendor Security Reviews & Questionnaires
What's included:
Assessment and management of third-party risk across your vendor ecosystem.
- Vendor risk assessments
- Security questionnaires
- Vendor classification and risk review
Security Awareness & Training
What's included:
Structured training to reduce human risk and build a security-aware organisation.
- Interactive training sessions
- Customised content
- Staff participation tracking
Incident Management Coordination
What's included:
Guided coordination of security incidents to ensure effective response and proper handling.
- Incident triage and coordination
- Response guidance
- Post-incident review
Compliance Reporting
What's included:
Clear reporting on your compliance posture for leadership and audit readiness.
- Stakeholder compliance reporting
- KPI and metrics tracking
- Risk and control summaries
Audit Preparation
What's included:
Preparation and review to ensure you are fully ready for ISO 27001 audits.
- Pre-audit review
- SoA and gap analysis
- Evidence validation
- Audit readiness support
Got questions?
Feel free to reach out.