
ISO Certification Services for SMEs

ISO certification is increasingly not a distinguishing feature for Dutch organisations and SMEs — it is expected: by clients, by tendering bodies and sometimes by law. We guide you from the first baseline assessment to the certificate for ISO 27001, ISO 27701 and ISO 42001. Every engagement is carried out by CISSP and Lead Auditor-certified consultants who know the standards from within.
Choose the service that suits your needs
01

ISO 27001 — Information Security Management System

The international standard for information security. We guide you from baseline assessment to certificate with a pragmatic, audit-ready approach.

ISMS, Risk Management, SoA
02

ISO 27701 — Privacy Information Management System

Extension of ISO 27001 for demonstrable GDPR compliance via a Privacy Information Management System.

PIMS, GDPR, DPO
03

ISO 42001 — AI Management System

The first international standard for responsible AI use. Governance, risk management and transparency for your AI systems.

AI Governance, EU AI Act, Risk Mgmt
04

GDPR Implementation

Complete GDPR implementation, including the DPO role as a service, ROPA, DPIA and data breach procedures.

GDPR, DPO, DPIA
05

NEN 7510 — Healthcare Standard

The Dutch standard for healthcare organisations. Mandatory for LSP connection. Guidance by healthcare-experienced consultants.

Healthcare, LSP, Patient Data
Ready to start with your certification engagement? Plan a no-obligation conversation. We assess your current situation and set up a realistic implementation plan.

What makes our ISO certification journey different

ISO 27001, ISO 27701 and ISO 42001 are not separate standards you can 'just' implement. They require a structured approach where risk management, policy, technology and culture come together. We do not work with generic templates that are the same for every client, but tailor the management system to your sector, size and risk profile. A SaaS organisation needs different controls than a healthcare facility or a financial services provider — that difference should be visible in your ISMS.

Our approach starts with a gap analysis against the standard, followed by a risk assessment that results in a control plan. We build the management system together with your team: policy documents, procedures, risk register, Statement of Applicability. We train the people who will be responsible for compliance and organise internal audits to provide assurance before the external audit. Our consultants are CISSP, CISA and Lead Auditor-certified and know exactly what auditors expect.

A successful engagement does not end with the certificate. We set up the continuous improvement cycle so that your ISMS remains alive: management review, internal audits, incident analysis and quarterly dashboards. Many clients choose a continuous service model after certification where we continue to contribute as an external CISO or Security Officer-as-a-Service. This prevents knowledge from leaking away and your management system from slowly turning into documentation without real governance.

Frequently asked questions about ISO certification

How long does an ISO 27001 certification engagement take?
For a mid-market organisation, a realistic ISO 27001 engagement takes six to nine months. That includes the gap analysis, setting up the management system, the first internal audit, Stage 1 and Stage 2. Organisations that already have mature processes can go faster; greenfield situations often take a bit longer. We ensure tight planning with clear milestones so you always know where you stand.
Can we certify multiple standards at the same time?
Yes, we often recommend it. Because ISO 27001, ISO 9001, ISO 14001, ISO 22301 and ISO 42001 use the same High Level Structure, you can set up one integrated management system that meets multiple standards. The certifying body can then perform a combined audit, which saves you considerable audit time and costs.
What happens if we fail the audit?
A 'fail' in the strict sense is rare. However, an auditor may report major or minor non-conformities. With minors, you have a few weeks to submit a corrective plan; with majors, the solution must be demonstrable before certificate issuance. We prepare you so that majors are practically excluded and any minors are manageable and quickly resolved.

Related Services

Continuous Compliance

After certification: continuous compliance guidance.

GRC Platform

Manage all your standards digitally in one platform.

ISO 27001

Comprehensive ISO 27001 certification guidance.
