About This Service
ISO 27001 ISMS Implementation and Certification Audit Prep in the UAE
ISO/IEC 27001 is the international standard for information security management systems (ISMS), and in the UAE it has quietly become a procurement gate: banks, government-linked enterprises and large Dubai and Abu Dhabi corporates increasingly require ISO 27001 from their vendors before signing or renewing contracts. This gig takes your organization from zero to audit-ready: ISMS scoping, a documented risk assessment methodology, the Statement of Applicability (SoA), a complete policy pack, and control implementation tracked against the Annex A control set.
The work follows the standard's own logic. We define the ISMS scope and context, build an asset-based risk assessment with clear likelihood and impact criteria, select and justify controls in the Statement of Applicability, and produce the mandatory documents — information security policy, risk treatment plan, competence and awareness records, supplier security requirements, and the operational procedures behind them. I then run your internal audit and facilitate the management review, the two activities certification auditors check first, so you arrive at Stage 1 with a functioning ISMS rather than a binder of unused documents.
Certification itself is issued by accredited certification bodies after their independent Stage 1 and Stage 2 audits — my role is to get you through them well prepared, including helping you shortlist and brief certification bodies that operate in the UAE. The engagement starts at AED 8,000 with the core ISMS documentation and internal audit delivered in 21 days, sized for free-zone and mainland SMEs from a 10-person SaaS team in Dubai to a 100-person services firm in Sharjah.
What's included
- ISMS scoping and context analysis — Defined ISMS boundaries, interested parties and interfaces — the scope statement your certificate will actually carry.
- Risk assessment methodology and register — Asset-based risk methodology with documented criteria, plus the populated risk register and risk treatment plan.
- Statement of Applicability — Annex A control selection with justification for inclusions and exclusions — the document auditors read line by line.
- Full ISMS policy pack — Mandatory documents and supporting procedures written for your operations, not copied from a template store.
- Control implementation tracking — Implementation plan with owners and due dates, plus working sessions with your team to close priority controls.
- Internal audit and management review — I conduct the internal audit, document findings, and facilitate the management review — both completed before Stage 1.
How it works
1. Scope and gap baseline: We agree the ISMS scope, I review what you already have, and you get a gap baseline against the standard's clauses and Annex A.
2. Risk assessment and SoA: We run the risk assessment together, agree treatments, and I produce the Statement of Applicability and risk treatment plan.
3. Documentation and implementation: I deliver the policy pack and work with your team through the control implementation plan, with weekly progress checkpoints.
4. Internal audit, review and audit prep: I perform the internal audit, facilitate the management review, fix nonconformities, and brief your team for the certification body's visit.
Why work with me
| With me | Typical agency |
|---|---|
| ISMS built around how you actually operate | Documentation dump to pass audit |
| Internal audit and management review included | Sold as separate add-ons |
| Help shortlisting accredited certification bodies | |
| Fixed starting price agreed up front (AED 8,000) | Open-ended day rates |