Let us help you understand which services are most applicable to your specific environment, based on work culture, industry, company size, and the maturity of your current cyber security posture.
Clients rarely know exactly what they need, and this is expected.
We will help you understand which options will suit you best in a zero-pressure, informative environment.
All services are customized and evaluated to save you time and money, so you may need something not explicitly listed. Here are some common service packages for reference.
Phase 1 of a full ISO 27001 program
Deliverable Examples:
• Gap analysis against ISO 27001 Clauses 4–10 + Annex A controls
• Initial review of your policies, procedures, and security posture
• High-level discussion of risk context (sometimes a light risk analysis)
• Statement of Applicability draft or guidance
• Final report + implementation roadmap
• Additional advisory calls can be packaged in as well
This package can be scoped to include exactly what you need.
Full ISO 27001:2022 program build
Deliverable Examples:
• Full gap analysis against ISO 27001 Clauses 4–10 + ISO 27001:2022 Annex A controls
• Review and build all ISMS policies, procedures, and security documentation
• Risk Analysis policy, procedure, and implementation
• Statement of Applicability draft or guidance
• Final report on state of audit readiness
• Risk and Control register
• Additional ad-hoc advisory calls can be packaged in as well, in discounted blocks
This package can be scoped to include exactly what you need.
Expert advisory services available to assist clients with evidence collection, certification audit preparation practices, ISO 27001 and ISO 27002 clause and Annex A control interpretations and real-world implementations, user-base adoption strategies, and industry best practices.
Assistance in creating documentation that not only achieves ISO 27001 compliance, but also best fits your business model and work culture. ISO has some strict standards, but there is plenty of room to make ISO compliance work in your unique work environment.
Nexus, L.L.C. can conduct the internal audits that are required before the certification audit. We are certified to audit ISO management systems. We cannot provide consulting and auditing services to the same client, as that would be a conflict of interest, violating the independence requirement in clause 9.2.
Nexus, L.L.C. has the knowledge to tailor any service to your business needs, so you get the consulting and auditing services that you require, and nothing that you don't.
If you’re new to ISO 27001, start with: ISO 27001 Explained.
For a step-by-step implementation plan: ISO 27001 Certification Roadmap: Step-by-Step for Beginners
Learn about the changes in the ISO 27001 standard here: ISO 27001:2013 vs 2022 — What Changed?
Understand how long certification may take: How long does ISO 27001 Certification Take?
Please fill out the Contact Us form or give us a call, and we will be in touch to answer questions or schedule a meeting to discuss your business needs and ISO 27001 goals.
Email: info@nexusadvisory.org Phone: (443) 256-3385
Copyright © 2025 www.nexusadvisory.org - All Rights Reserved.