Why ISO 27001 (and why now)
Feb 22, 2026

ISO 27001
If you sell B2B, ISO 27001 is the quickest way to turn “we take security seriously” into something procurement teams trust.
- Win enterprise deals and vendor assessments faster
- Reduce security fire-drills and “random controls”
- Make security repeatable across teams, new hires, and growth
What ISO 27001 actually requires
ISO/IEC 27001:2022 is a risk-based standard. You don’t “implement everything”—you implement what matches your risks, products, and scope, and then prove it works.
It includes Annex A controls (93 controls) grouped into four themes: Organizational, People, Physical, and Technological.
How certification works (who does what)
Think of ISO 27001 as three layers:
- You (the company): own the ISMS and run it day-to-day
- CYQtech (implementation partner): design + implement controls, policies, and evidence in your workflow
- Certification Body (CB): the independent auditor that performs the audit and issues the certificate
A CB is typically accredited (in the Netherlands, commonly by the Raad voor Accreditatie (RvA)) to ensure competence and credibility.
Audit flow (typical):
- Stage 1 audit: documentation + readiness review
- Stage 2 audit: implementation + evidence review
Then ongoing maintenance with periodic surveillance audits within the certification cycle.
The CYQtech sprint approach
We work like a product team: short sprints, clear scope, and minimal disruption.
- Free scoping call — we review your stack + current gaps
- Roadmap + scope — fixed proposal + timeline
- Implementation (in sprints) — controls that satisfy auditors and keep shipping
- Audit support — we sit with you during audits and handle evidence packaging