The challenge
International tenders, client requirements, partner due diligence: ISO 27001 is becoming a commercial prerequisite as much as a security framework. But an ISMS built as a documentation pile — disconnected from operations — either fails the audit or, worse, passes it while protecting nothing.
What we deliver
Risk assessment and Statement of Applicability against the 2022 Annex A
Complete ISMS: policies, processes, metrics and governance bodies
Implementation of priority controls with your teams
ISO 27001 internal audit and documented management review
Certification-audit preparation (stages 1 and 2) and findings follow-up
Our method
Certification scope definition — realistic, defensible, extensible.
ISMS built on your actual practices, not generic templates.
Full cycle before the auditor: internal audit, corrective actions, management review.
By your side during the certification audit.
Who it's for
Banks, fintechs, IT-services firms, telecom operators and any West African organization for which certification is a client, regulatory or strategic prerequisite.
Frequently asked questions
How long does it take to get ISO 27001 certified?
Typically 6 to 12 months, depending on initial maturity and scope: 3 to 6 months to build and run the ISMS, one internal-audit cycle, then the two-stage certification audit.
What is the difference between being compliant and being certified?
Compliance is an internal posture; certification is verification by an independent accredited body. Only the certificate carries weight in a tender or due diligence.
Can an SME pursue ISO 27001 without a dedicated security team?
Yes: the standard requires a system proportionate to your context, not a large team. A well-chosen scope and responsibilities carried by existing staff are enough — it's our most common engagement.
