Implementation Support.
Getting from zero to certified isn't a documentation exercise — it's a full-scale operational transformation. ITIS-Secure embeds alongside your team to build, configure, and prove every control your certification requires.
What Is Implementation Support?
Most companies attempting ISO27001 or TISAX certification try to do it with their existing IT team, treating it as an internal project. They underestimate the bandwidth required, the depth of expertise needed, and the evidence requirements they don't yet know about. By month three, the project stalls. Policies are half-written, risk assessments are incomplete, and the certification deadline hasn't moved.
ITIS-Secure doesn't hand over a framework template and leave. We assign a dedicated expert who works inside your organisation through the full implementation lifecycle: scoping, policy development, control implementation, evidence building, and audit preparation. Your consultant becomes part of your team for the duration of the engagement.
The outcome is a genuinely implemented, audit-ready security programme — not just a folder of policies no one reads. Every control is operational, every piece of evidence is documented, and your team understands what they're running. Note: ITIS-Secure provides implementation support and consultancy. Official certifications are issued by independent accredited certification bodies.
What We Implement
From the first gap analysis to the final auditor walkthrough, we implement every layer of your security programme.
ISMS Foundation
We establish your Information Security Management System from the ground up. Scope definition, context of organisation, leadership requirements, and the full PDCA operating model aligned to ISO27001:2022.
Risk Assessment & Treatment
We conduct structured risk assessments using recognised methodologies, build your Risk Treatment Plan, and develop the Statement of Applicability — the core documents every auditor scrutinises first.
Policy & Documentation Library
We develop the full policy suite your certification requires. Information security policy, acceptable use, access control, incident response, business continuity, and 20+ supporting procedures — all tailored to your environment, not copied from a template.
Technical Controls
Policies without evidence don't pass audits. We implement and document the technical controls — access management, logging, encryption, patch management, network segmentation — and build the evidence trail auditors require.
Security Awareness
Human error remains the leading cause of security incidents. We design and deliver awareness programmes that build genuine security culture, not just checkbox completion.
Pre-Certification Preparation
Before your official assessment, we conduct a structured mock audit against your target standard. Identifying and closing gaps while there's still time to fix them.
Our Implementation Methodology
Every engagement follows our proven delivery model — the same process that has achieved a 98% first-time pass rate across TISAX and ISO27001 programmes.
Discover
We assess your current posture, define scope, and build your personalised compliance roadmap.
Weeks 1–2Design
We design your ISMS architecture, risk assessment methodology, and policy framework.
Weeks 3–4Build
We implement controls, write policies, and configure technical measures.
Weeks 5–10Validate & Certify
We conduct a mock audit, close all identified gaps, and support you through the official assessment — present, available, and ready to respond.
Weeks 11–13+Frequently Asked Questions
