
ISO 27001 Consultancy
ISO 27001:2022 gap assessment, implementation and audit readiness for mid-market Microsoft environments. ISMS built on Dynamics: one source of truth.
ISO 27001:2022
Compliance built into how the business already runs. Gap assessment, implementation, and audit readiness delivered on an ISMS framework that lives inside your Dynamics environment, not across a hundred spreadsheets.
What we do
ISO 27001 fails for the same reason most compliance programmes fail: the evidence lives everywhere except where the business actually works. Risk registers in Excel. Policies in SharePoint. Action plans in someone's inbox. Audit week becomes a hunt rather than a review.
We do it differently. We deliver ISO 27001:2022 (the gap assessment, the Statement of Applicability, the 93 Annex A controls, the management review) on a single Dynamics-native ISMS framework. The same platform your sales, service, and operations teams already use becomes the system of record for risk, controls, and audit evidence. Auditors see one source of truth. Leadership sees the risk register in the same place they see the pipeline. Multi-entity groups stop running parallel ISMS programmes that drift out of alignment.
How we work
Gap assessment. Two-week review against the 2022 standard and Annex A controls, mapped to your current state. We produce a findings report that distinguishes observation, minor non-conformity, and major non-conformity in formal audit language, plus a corrective action plan a board will read.
Implementation. Full ISMS build using the Mason Pete Dynamics ISMS framework. Risk register, asset inventory, control library, policy library, internal audit log, non-conformity workflow, and management review pack all configured in your Dynamics tenant with role-based access and change history. We hand it over with documentation your team can operate.
Audit readiness. Pre-certification dry run against your chosen certification body. We attend the Stage 1 review with you. After certification, we configure the surveillance audit calendar inside the ISMS so the next twelve months take care of themselves.
Multi-entity ISMS. For groups running multiple operating companies, we consolidate ISO 27001 evidence across entities into one Dynamics framework. Local autonomy is preserved; group-level reporting works for the first time.
The Dynamics ISMS framework
Most ISMS evidence is shattered across Excel, SharePoint, Word, Visio, email, and a vendor's GRC portal. Auditors have to reconcile it. Owners have to maintain it. Nobody trusts it.
Our framework is built on Microsoft Dynamics:
Risk register and treatment plans as Dynamics records, with workflow and approval
Asset inventory linked to risk, controls, and owners
Control library mapped to ISO 27001:2022 Annex A — Organisational, People, Physical, Technological
Policy library with version control, attestations, and review dates
Internal audit log with evidence attachments
Non-conformity workflow with corrective action tracking
Management review pack generated from live data, not retrofitted
Built on technology you already license. Maintained by the people who already use the platform. Auditable by design.
Who this fits
Organisations preparing for first ISO 27001 certification.
Organisations whose existing ISMS lives across too many tools and is breaking under audit pressure.
Multi-entity groups whose operating companies each run their own ISMS and can no longer report at group level.
Organisations responding to NIS2 in-scope classification who want ISO 27001 as the foundation for compliance.
Related services
NIS2 Compliance Advisory · Cybersecurity · Microsoft Defender deployment
FAQ
Customers frequently ask.
Do you certify us, or do we still need an external auditor?
We already have ISO 27001 from a previous consultancy. Why move the ISMS into Dynamics?
How does this connect to NIS2?
How long does an implementation take?