Infrastructure-level implementation of Annex A technical controls — access management, cryptography, logging, and network security — from a team with a track record of taking that work through to a passed certification audit.
ISO 27001 certification audits test whether Annex A controls are actually implemented and operating — not just documented in policy. This is the same infrastructure-level implementation work behind engagements ACS has taken through to a passed certification: access management, cryptography, logging, and network security.
Work is scoped against your Statement of Applicability — the specific controls relevant to your environment and risk assessment — rather than a one-size-fits-all Annex A checklist.
ISMS policy documentation, risk assessment methodology, and the formal certification audit sit with your compliance consultant and certification body — we coordinate directly with them on the technical side rather than duplicating that relationship.
No — certification is issued by an accredited certification body following formal audit. ACS implements the technical controls that audit will test, with a track record of taking that work through to a passed certification.
Yes — ACS has implemented Annex A technical controls and taken infrastructure through to a passed ISO 27001 audit as part of prior engagement work.
Access control (A.9), cryptography (A.10), operations security and logging (A.12), and network security (A.13) are the most common infrastructure-heavy areas — scoped to your specific Statement of Applicability.
Our focus is technical control implementation. ISMS policy, risk assessment methodology, and management-system documentation are typically handled by your compliance consultant — we coordinate with them on the technical side.
Yes — the formal certification relationship remains between you and your certification body; we coordinate on technical scope with your consultant where one is engaged.
Against your Statement of Applicability — which controls apply to your environment — rather than implementing the full Annex A regardless of relevance.
Tell us your Statement of Applicability and current infrastructure state. We'll scope the implementation work.