7-10 days
ISO 27001 Readiness Review
Know where you stand before the auditor does.
- Who it is for
- Teams that need a fast, honest diagnosis of audit readiness.
- What it covers
- Scope, risk register, SoA, evidence quality and top gaps.
An independent advisory practice for regulated technology teams.
- IRCA Associate Auditor - ISMS
- CQI Practitioner Member - PCQI
- ISO/IEC 27001:2022 Auditor/Lead Auditor trained
What you receive
- Readiness score
- Top 10 gaps
- Risk register review
- Statement of Applicability review
- Evidence quality review
- Audit readiness report
- 30-day remediation plan
How the engagement runs
Scope and align
We confirm the boundary of your ISMS, the audit or deal driving this work, and what evidence already exists - so effort goes where it matters.
Assess against reality
We test controls the way an auditor will: risk register, Statement of Applicability, evidence quality and control ownership - sampled, not assumed.
Report with clarity
You get a clear, prioritized view of gaps - what is critical, what can wait - with no jargon and no padding.
Plan the fix
A concrete remediation plan with owners and sequencing, so the work continues with or without us.
Other services
ISO 27001 Readiness Sprint
Fix the gaps that put certification, surveillance or enterprise deals at risk.
Learn more →MonthlyISMS Maintenance Retainer
Keep risk, evidence, suppliers, reviews and controls alive all year.
Learn more →2-4 weeksVanta / Drata / Sprinto Cleanup
A compliance platform collects evidence. It cannot decide whether your scope, risks and control ownership make sense.
Learn more →Book a readiness review.
Book a readiness callKellwick is an independent advisory practice. We are not a certification body and do not issue ISO certifications. Certification decisions are made only by accredited certification bodies.