HomeServicesCase StudiesInsightsAboutBook a free review

Home / Services / ISMS Maintenance

Ongoing · monthly

ISMS Maintenance

Getting certified is the sprint. Staying certified is the part nobody budgets for — surveillance audits come every year, and an ISMS left alone quietly rots. I keep yours alive.

Why certified companies fail audits

Not for dramatic reasons. The risk register hasn't been touched since certification. Access reviews stopped after the second quarter. Evidence lives in someone's head, and that someone resigned. The surveillance auditor asks for twelve months of records and gets a scramble. None of it means security got worse — it means nobody owned the treadmill.

What I take off your plate

  • The evidence habit: collected monthly, filed where the auditor expects it
  • Scheduled access reviews, risk-register updates and control health checks
  • Internal audits ahead of the external one, so findings surface when they're cheap
  • Management review preparation — the meeting the standard requires and everyone forgets
  • I sit with you through the surveillance audit itself

The honest pitch

This is a few disciplined hours a month that saves a panicked month a year. If you certified with me, I already know your ISMS. If you certified with someone else, the first month is me reading it properly before I promise anything.