About
An advisory practice for the part of compliance that actually breaks.
Kellwick is a team-led advisory practice focused on ISO 27001 readiness, ISMS maintenance and product-led security governance for regulated technology companies - SaaS, fintech, payments, FX, iGaming and credit platforms.
Most companies do not fail ISO 27001 because they lack policies. They fail because the ISMS is not operated: risks go stale, evidence is scattered, ownership is unclear, and the system only looks compliant on paper. That is the problem we work on.
How we work
Evidence over paperwork
Policies do not prove control operation. Evidence does. We look at what your ISMS actually produces - access reviews, incident records, supplier assessments, management decisions - not just what it promises.
Ownership over templates
Controls fail when nobody owns them. We map every control to a real owner in product, engineering or operations, so the system keeps running after we leave.
Product-led, not audit-led
For SaaS and fintech companies, ISO 27001 touches release governance, QA evidence, access control and supplier risk. We connect the ISMS to how your product is actually built and shipped.
Honest readiness calls
If you are not ready, we say so - and show exactly what to fix first. If a readiness review is not the right first step, we tell you that too.
Credentials and background
- IRCA Associate Auditor - ISMS
- CQI Practitioner Member - PCQI
- ISO/IEC 27001:2022 Auditor/Lead Auditor trained
Backed by hands-on experience in SaaS, fintech, payments and regulated technology operations - the environments where ISMS discipline is tested daily.
What we are not
Kellwick is an independent advisory practice. We are not a certification body and do not issue ISO certifications. Certification decisions are made only by accredited certification bodies.
We do not sell template packs, we do not guarantee audit outcomes, and we do not replace your accredited certification body. We prepare you to face them with confidence.