Advisory & Data Protection
Get certification-ready for ISO 27001 and Cyber Essentials with gap analysis, internal audit and hands-on ISMS support from certified lead implementers and auditors.
Certification wins business: ISO 27001 is the global benchmark for information security management, and Cyber Essentials is increasingly a hard requirement for UK government and supply-chain contracts. Blackfoot's ISO 27001 consultancy takes you from first gap analysis to certification-readiness, with certified lead implementers and lead auditors guiding every step.
For ISO 27001, we start where you are. A gap analysis maps your current position against the standard — including Annex A controls — and establishes realistic scope, because over-scoped management systems are the most common reason certification projects stall. Our lead implementers then help you build or refine your information security management system: policies, processes, risk treatment and the evidence trail an auditor will expect, built to be operated by your team rather than admired in a folder.
Before you face a certification body, we run internal audits and pre-audit reviews that simulate the real thing. Our lead auditors probe your ISMS the way an external assessor will, so gaps surface while they're still cheap to fix and your team walks into stage 1 and stage 2 knowing what to expect.
For Cyber Essentials and Cyber Essentials Plus, the NCSC-backed scheme designed to stop the most common cyber-attacks, we guide you through scoping, assess your environment against the five control themes, help you remediate, and prepare your submission for certification — a fast, high-value baseline whether it's your end goal in itself or a stepping stone on the way to full ISO 27001 certification.
Certification is a milestone, not a finish line: ISO 27001 demands continual improvement and Cyber Essentials renews annually. Our Compliance as a Service subscription keeps your ISMS and controls maintained year-round in the Clarity portal, so surveillance audits and renewals become routine rather than a scramble.
ISO 27001 lead implementers and lead auditors, plus experienced Cyber Essentials assessors — the full journey handled by qualified people.
Know exactly where you stand against the standard, and what certification will realistically take, before committing budget.
Management systems built to fit your organisation — scoped tightly, documented sensibly, and workable for the team who must run them.
Independent internal audits and pre-audit reviews that find the gaps before the certification body does.
Cyber Essentials for a fast security baseline, ISO 27001 for the full management system — sequenced sensibly if you want both.
Ongoing ISMS maintenance through Compliance as a Service on Clarity, so certification survives contact with year two.
We assess your current security posture against ISO 27001 or the Cyber Essentials control themes and define realistic scope and effort.
Our lead implementers work with your team to close gaps — building the ISMS, refining controls and creating the documentation auditors expect.
Independent internal audit tests whether the management system genuinely operates as documented, satisfying ISO 27001's own audit requirement.
A pre-audit review simulates the certification assessment, so remaining issues are fixed before they cost you a nonconformity.
You proceed to certification with confidence — and can keep the system alive year-round through Compliance as a Service on our Clarity portal.
Straight answers to what prospective clients ask us most.
For most organisations, Cyber Essentials first: it's quicker, cheaper and delivers an immediate, recognised baseline. ISO 27001 then builds the full management system on top. We'll advise honestly based on what your customers and contracts actually require.
Typically six to twelve months from gap analysis to certification-ready, depending on your starting maturity and scope. The gap analysis gives you a realistic timeline before you commit.
Cyber Essentials is a verified self-assessment against five core control themes. Cyber Essentials Plus adds independent technical testing of your controls, giving customers and insurers stronger assurance. Many contracts now specify Plus.
Yes. ISO 27001 requires internal audits by someone independent of the work being audited, which is difficult for small teams. Our lead auditors deliver an independent internal audit programme that satisfies the standard and genuinely tests the system.
No — certification is issued by accredited certification bodies for ISO 27001 and by the scheme's certifying body for Cyber Essentials, which keeps it independent and credible. We prepare you thoroughly, support you through the audit and help you respond to any findings.
Get a fixed-scope quote, usually the same working day.