Sandy Smajic
ISO 27001 Consulting

ISO 27001 Consulting & Certification Support

From gap analysis to a certified Information Security Management System — practical, audit-ready ISO 27001 consulting for organizations across Europe.

  • 3-6 months to certification-ready
  • 114 Annex A controls assessed
  • ISO 27001-aligned methodology

Business Challenges

The problems this solves

From gap analysis to a certified ISMS your team can actually sustain — practical ISO 27001 consulting backed by an assessment-to-compliance ecosystem.

Where do we even start?

Annex A has 93 controls. Without a baseline, teams waste months on the wrong priorities.

Documentation overload

Generic templates produce binders nobody maintains — and auditors see straight through them.

Certification pressure

An enterprise customer or tender requires the certificate, and the clock is already running.

Keeping it alive

Passing the audit is one thing; sustaining the ISMS through surveillance audits is another.

How We Solve It

One connected ecosystem, end to end

I build a living ISMS that fits the way you work — assessed with CyberHealth360, implemented with hands-on consulting, and sustained in ComplianceHub360.

Identifies risks

CyberHealth360

An automated assessment platform that benchmarks your current security posture and surfaces the gaps that matter most.

Creates strategy

Sandy Smajic Consulting

Senior advisory that turns findings into a prioritized, board-ready roadmap and implements the controls that protect the business.

Manages compliance

ComplianceHub360

A GRC platform that keeps policies, evidence and audits in one place so your program stays continuously audit-ready.

What ISO 27001 means for your organization

ISO 27001 is the internationally recognized standard for managing information security. It defines the requirements for an Information Security Management System (ISMS) — a structured framework of policies, processes and controls that protect the confidentiality, integrity and availability of your data.

For organizations operating across the EU and international markets, ISO 27001 has become far more than a badge. It is increasingly a precondition for winning enterprise contracts, satisfying procurement requirements and demonstrating to regulators and customers that information security is managed systematically rather than left to chance.

Certification signals maturity. It tells partners that you have identified your risks, implemented proportionate controls, and committed to continuous improvement — backed by independent audit.

How I approach ISO 27001 implementation

Every engagement begins with understanding your business, not your paperwork. I assess how information actually flows through your organization, where the real risks lie, and what level of control is proportionate to your size and sector.

From there, I build an ISMS that fits the way you work. The goal is a living management system your team can sustain — not a binder of documents that gathers dust after the auditor leaves.

  • Gap analysis against the full ISO 27001 control set
  • Risk assessment and treatment planning
  • ISMS documentation, policies and Statement of Applicability
  • Control implementation tailored to your operations
  • Internal audit and management review preparation
  • Hands-on support through the certification audit

Why work with an independent expert

As an external lecturer in IT Security and a practising consultant, I bring both the academic rigor behind the standard and the real-world judgement that comes from guiding organizations through actual audits.

That combination matters. ISO 27001 is principles-based, and success depends on interpreting it sensibly for your context — neither over-engineering controls nor cutting corners that will fail under scrutiny.

Framework Coverage

Standards and regulations we cover

Engagements map to the frameworks that matter for your sector — assessed objectively and tracked continuously.

CyberHealth360 — Security Assessment (dashboard preview)

  • Security score: 78/100 (+12 this quarter)
  • Maturity level: 64/100 (Level 3 · Defined)
  • Framework readiness: ISO 27001 82%, NIS2 64%, GDPR 91%, TISAX 48%
  • Priority roadmap: Access control policy, Asset inventory, Incident response plan, Supplier risk review

Framework coverage

  • ISO 27001: 100%
  • ISO 27002: 95%
  • NIS2: 85%
  • TISAX: 80%
  • GDPR: 75%

Deliverables

What you walk away with

Tangible, audit-ready outputs — not slideware. Everything is built to fit how your organization actually works.

Full Annex A gap analysis

Every control assessed against your current state with a prioritized remediation list.

ISMS documentation & SoA

Policies, procedures and a Statement of Applicability built for your organization.

Risk treatment plan

A clear, proportionate plan mapping risks to owners, controls and timelines.

Certification audit support

Internal audit, management review prep and hands-on support through both audit stages.

The Process

A clear path from gap to audit-ready

A proven four-phase engagement that moves you from uncertainty to a sustainable, defensible program.

01

Gap analysis

Benchmark against the full ISO 27001 control set with CyberHealth360 to see exactly where you stand.

02

Risk treatment

Assess risks and build a Statement of Applicability and treatment plan proportionate to your context.

03

Implement ISMS

Roll out policies, controls and records tailored to your operations — not generic templates.

04

Certify & sustain

Prepare for both audit stages, then keep the ISMS audit-ready year-round in ComplianceHub360.

Case Study

How this plays out in practice

An anonymized example of the ecosystem in action. Outcomes are described qualitatively to respect client confidentiality.

A specialty pharmaceutical company

Challenge

Needed ISO 27001 certification to satisfy a major enterprise partner, with no formal ISMS and a six-month window.

Approach

Baselined posture with CyberHealth360, implemented a right-sized ISMS, and managed evidence and policies in ComplianceHub360.

Outcome

Reached certification-ready status within the deadline and passed the external audit, retaining the strategic partnership.

Stay Audit-Ready

Compliance managed, not just achieved

Once your program is in place, ComplianceHub360 keeps policies, evidence and audits in one place — so the next audit is never a fire drill.

  • Central policy and evidence repository
  • Continuous control monitoring across frameworks
  • Audit tracking with a clear, exportable trail

ComplianceHub360 — GRC Dashboard (dashboard preview)

  • Policies: 42/45
  • Controls: 118/130
  • Evidence: 201
  • Open tasks: 7
  • Risk heatmap (impact High to Low against likelihood Unlikely to Likely)
  • Audit progress: ISO 27001 surveillance 86%, NIS2 readiness 58%, GDPR Art. 30 records 73%

Industry Examples

Sectors I work with

Engagements are tailored to the regulatory and operational realities of your industry.

  • Healthcare
  • Technology
  • Manufacturing
  • Financial Services
  • Public Sector

Who You're Working With

Expertise you can verify

Advisory grounded in academic rigor, real audit experience, and the platforms built to support it.

External Lecturer — HDBW

Teaches IT Security, risk management and compliance at the University of Applied Sciences, keeping practice grounded in current academic rigor.

Cybersecurity Consultant

Hands-on senior consultant who has guided organizations through real ISO 27001, NIS2, TISAX and DORA audits across multiple sectors.

Founder — Security Ecosystem

Built CyberHealth360 and ComplianceHub360 to connect assessment, strategy and compliance management into one continuous program.

FAQ

Frequently asked questions

Most organizations reach a certification-ready state in 3 to 6 months, depending on size and current maturity. The external certification audit then follows in two stages.

Step inside the ecosystem

Book a free 30-minute consultation and get a clear, practical path forward — or run a free assessment to see exactly where you stand today.