ISO/IEC 27001 Certification

ISO 27001 certified, the global standard for trust.

ISO/IEC 27001 is the international standard for an Information Security Management System (ISMS) — the certification enterprise buyers and global partners expect before they share sensitive data. RESTIV builds and operates the ISMS, maps the 93 Annex A controls of ISO 27001:2022, and keeps you audit-ready through the three-year certification cycle and its annual surveillance audits.

  • Full ISMS build aligned to ISO/IEC 27001:2022
  • 93 Annex A controls across 4 themes, mapped to evidence
  • Stage 1 and Stage 2 certification audit ready
  • Maintained across the 3-year certification cycle

What ISO 27001 certification takes.

An ISMS is a management system, not a checklist. We build one that satisfies the auditor and actually runs — then keep it current between surveillance audits.

ISMS build & scoping

Define the ISMS scope, context, and leadership commitment, and stand up the policies, roles, and processes ISO 27001 requires as the foundation for certification.

Risk assessment & SoA

Run a defensible information-security risk assessment and treatment plan, and produce the Statement of Applicability that justifies every Annex A control decision.

Annex A control operation

Implement and operate the relevant controls from the 93 Annex A controls of the 2022 revision, each linked to live evidence rather than a one-time document.

Continuous surveillance readiness

Internal audit, management review, and continuous control testing keep the ISMS effective so annual surveillance audits and recertification are non-events, not fire drills.

Your path to ISO 27001 certification.

A staged programme that produces, at each step, the evidence the certification body will ask for at Stage 1 and Stage 2.

01

Scope & ISMS

Context, leadership, foundation

Define the ISMS scope and boundaries, establish leadership commitment, and stand up the core policies and processes that the rest of the standard builds on.

ISMS Scope, Clauses 4–7, Policy Framework

02

Risk assessment

Identify, treat, document

Identify and analyse information-security risk, decide treatment, and produce the Statement of Applicability that records which Annex A controls apply and why.

Risk Assessment, Risk Treatment, Statement of Applicability

03

Implement controls

Operate the Annex A controls

Implement and operate the applicable controls from the 93 Annex A controls of ISO 27001:2022, across organisational, people, physical, and technological themes.

93 Annex A Controls, 4 Control Themes, Evidence Mapping

04

Internal audit & review

Verify before the external audit

Run internal audits and a management review to confirm the ISMS works and meets its objectives — the standard’s own checkpoint before a certification body arrives.

Internal Audit, Management Review, Continual Improvement

05

Certification audit

Stage 1, Stage 2, surveillance

An accredited body runs Stage 1 (documentation) and Stage 2 (effectiveness). On success you are certified for three years, with annual surveillance audits that we keep you ready for.

Stage 1 + Stage 2, 3-Year Cycle, Surveillance Audits

The enterprise standard, by the numbers

93

Annex A controls in ISO/IEC 27001:2022

3-yr

Certification cycle with annual surveillance audits

147

Compliance frameworks RESTIV supports

The certification global buyers ask for.

An ISO 27001 readiness call is a private working session with the RESTIV team — your ISMS scope, your gaps against the 2022 standard, and the fastest credible path to a Stage 2 audit.