Monthly
ISMS Maintenance Retainer
Keep risk, evidence, suppliers, reviews and controls alive all year.
- Who it is for: Certified companies keeping the ISMS audit-ready between cycles.
- What it covers: Ongoing operating discipline across the ISMS lifecycle.
An independent advisory practice for regulated technology teams.
- IRCA Associate Auditor - ISMS
- CQI Practitioner Member - PCQI
- ISO/IEC 27001:2022 Auditor/Lead Auditor trained
What you receive
- Risk register updates
- Evidence review
- Supplier review support
- Access review support
- Incident / change / release evidence review
- Management review prep
- Internal audit calendar
- Corrective action tracking
- Security questionnaire support
How the engagement runs
Scope and align
We confirm the boundary of your ISMS, the audit or deal driving this work, and what evidence already exists - so effort goes where it matters.
Assess against reality
We test controls the way an auditor will: risk register, Statement of Applicability, evidence quality and control ownership - sampled, not assumed.
Report with clarity
You get a clear, prioritized view of gaps - what is critical, what can wait - with no jargon and no padding.
Plan the fix
A concrete remediation plan with owners and sequencing, so the work continues with or without us.
Other services
ISO 27001 Readiness Review
Know where you stand before the auditor does.
4-6 weeks
ISO 27001 Readiness Sprint
Fix the gaps that put certification, surveillance or enterprise deals at risk.
2-4 weeks
Vanta / Drata / Sprinto Cleanup
A compliance platform collects evidence. It cannot decide whether your scope, risks and control ownership make sense.
Discuss monthly ISMS support.
Book a readiness call
Kellwick is an independent advisory practice. We are not a certification body and do not issue ISO certifications. Certification decisions are made only by accredited certification bodies.