ISO 27001:2022
Certification Readiness

End-to-end ISO 27001:2022 certification readiness with working controls, automated evidence, and audit support.

Complete ISMS mapped to clauses 4–10 and Annex A controls
Automated evidence and dashboards showing readiness in real time
Internal audit, management review, and team enablement completed
Complete ISMS mapped to clauses 4–10 and Annex A controls
Automated evidence and dashboards showing readiness in real time
Internal audit, management review, and team enablement completed

Complete ISMS mapped to clauses 4–10 and Annex A controls
Automated evidence and dashboards showing readiness in real time
Internal audit, management review, and team enablement completed

Why we're different

Operational ISO 27001 delivery—not just paperwork

Most ISO 27001 implementers hand you policy templates and leave you to figure out the technical controls. We don't. We configure systems, deploy protections, and automate evidence so you operate a working ISMS—not a binder of to-dos.

Outcomes

What you get

Outcomes that compound across onboarding, activation, and retention — without the clutter.

Complete ISMS

Statement of Applicability with justified controls and traceability.
Operational governance for clauses 4–10 embedded in your teams.

Automated compliance

Continuous monitoring dashboards aligned to ISO 27001:2022 controls.
Integrations with Microsoft 365, Azure, AWS, and other critical platforms.

Certification confidence

Internal audits covering clauses 4–10 and Annex A controls.
Management review, risk treatment validation, and corrective actions closed.

Sustainable operations

Role-based training for ISMS owners, operators, and leadership.
Surveillance and recertification cadence built into business rhythms.

Microsoft

Native security and compliance capabilities implemented and tuned.
Integration with your existing identity and device management stack.

Vanta

Evidence synced from Microsoft 365, Azure, AWS, and on-prem systems.
Real-time dashboards showing mitigation progress and residual risk.

Security ecosystem

Tooling aligned to Annex A controls without disrupting operations.
Automations that keep evidence current across your stack.

Accredited certification bodies

Support selecting the right certification body for your sector.
Audit logistics, documentation submission, and finding management handled.

Step 1

Scoping & Gap Analysis

Goal: define ISMS boundaries and identify what needs to be built.

Define ISMS scope, boundaries, and interfaces with organisational context and interested parties.

Conduct gap analysis against ISO 27001:2022 Clauses 4–10 and Annex A controls.

Assess current policies, procedures, risk practices, and evidence collection.

Build the Statement of Applicability (SoA) with justifications for included/excluded controls.

Create a certification roadmap with priorities, owners, and dependencies.

Step 2

ISMS Build & Control Implementation

Goal: implement your ISMS and Annex A controls.

Establish ISMS processes for context, leadership, planning, support, and operation.

Implement technical controls (e.g., access management, cryptography, operations and communications security, SDLC).

Implement organisational controls (e.g., policies, asset management, HR security, suppliers, incident, continuity, compliance).

Deploy automated evidence collection integrated with Microsoft 365, Azure, AWS, or other environments.

Create documentation: information security policy, risk methodology, SoA, internal audit, corrective action, management review, and operational procedures.

Step 3

Testing & Internal Audit

Goal: prove the ISMS works and close gaps before certification.

Role-based enablement for ISMS owners, control operators, and leadership (competence and awareness).

Conduct internal audits against ISO 27001:2022; document findings and nonconformities.

Gather operation evidence for all processes and controls; ensure documentation is complete and retrievable.

Run the management review covering performance, audit results, risks, and improvements.

Execute a remediation sprint to close nonconformities and implement corrective actions.

Step 4

Certification & Handover

Goal: complete certification and establish ongoing maintenance.

Select and engage an accredited certification body; manage logistics and document submission.

Support Stage 1 readiness (document review) and address observations.

Prepare for Stage 2 (implementation audit) with final evidence reviews, team briefings, and audit coordination.

Provide Stage 2 support on-site and manage findings and corrective actions.

Post-certification: set the surveillance calendar, continuous monitoring, improvement cadence, and change management.

Evidence

Michel Kunze - Head of IT

SOS Kinderdörfer weltweit

“As a mission-driven organization, we partner with Fairplay Digital for vendor-agnostic guidance that keeps our programs front and center. Their team understands the realities we face—and the need to do more with less—pairing deep technical expertise with a practical grasp of how nonprofits operate. Recommendations match our pace and priorities, not a vendor’s roadmap. They strengthen our security posture across diverse environments, keeping systems protected and dependable without locking us into costly commitments. With hands-on support and strategic guidance, we stay secure while directing maximum resources toward our mission.”

Mission-first ISO 27001 assuranceMicrosoft 365 security hardeningISMS implementation with automated evidence

Frequently asked questions

Answers about ISO 27001:2022 certification readiness.

Plan your ISO 27001 certification

Share your certification requirements and we will design the roadmap, timeline, and evidence plan tailored to you.

Schedule a certification workshop