Our Fractional CISO service provides ISO 27001 certification support and ongoing compliance management for companies of 20 to 200 people. Acting as your virtual CISO (vCISO), we take ownership of your Information Security Management System (ISMS) end to end, from ISO 27001 gap analysis and ISMS implementation through internal audit, certification audit support, and ongoing compliance after certification. You get an experienced, named individual with the credentials auditors expect, without the cost of a full-time CISO.
Key Benefits
- Achieve ISO 27001 certification without hiring a full-time CISO or burdening your engineering team.
- Work directly with a P.Eng and CISSP with experience designing and building software, who understands how your systems are built so controls fit your architecture instead of fighting it
- A simple monthly engagement, fully remote, with no big-firm overhead and no junior staff learning on your dime
- Satisfy the auditors’ requirement for a named, accountable security officer without adding headcount
- The same person who certifies you stays on to keep you certified through surveillance audits, year after year
Call us at (647) 560-8687 or email hello@akouto.com for a free consultation.
What’s Included
Gap Analysis & Roadmap
Every engagement begins by establishing where you stand against ISO 27001 today. We assess your current policies, controls and practices, then deliver a remediation roadmap that lays out the shortest defensible path to certification, so you know exactly what is ahead before committing further.
ISMS Build
We build your Information Security Management System from the ground up: risk register, policies, and controls mapped to the way your systems actually work. Your developers keep shipping while your fractional CISO handles the compliance work.
Internal Audit
ISO 27001 requires an internal audit before the certification audit, and doing it properly is the difference between a smooth Stage 2 and a pile of findings. We conduct the internal audit, document the results, and close the gaps before the external auditor arrives.
Certification Audit Support
We prepare your team for the Stage 1 and Stage 2 certification audits, manage the evidence, and handle the relationship with the certification body. When the auditors have questions, they talk to your security officer, not your engineers.
Ongoing Compliance
Certification is year one of a three-year cycle. After the certificate is issued, your fractional CISO stays on through a monthly retainer to operate the ISMS, manage surveillance audits, and keep your certification in good standing.
How it works
Our Fractional CISO service is built for companies of roughly 20 to 200 people, whose customers or contracts require ISO 27001 certification. Rather than hiring a full-time security executive or spreading the work across an already busy engineering team, you get a named security officer with the credentials and experience auditors expect, for a fraction of the cost of a full-time hire.
The engagement starts with the Gap Analysis to establish your starting point and roadmap. From there we build out your ISMS, implementing policies, risk management, and controls that fit your business rather than a generic template. Because your fractional CISO is an engineer first, with decades of hands-on experience building secure enterprise and carrier grade applications, security controls are designed around how your systems actually work, and certification stops taxing your team.
Once the ISMS is in place, we conduct the internal audit, remediate any findings, and support you through the Stage 1 and Stage 2 certification audits. After certification, the engagement converts to a lighter monthly retainer covering ISMS operation and the annual surveillance audits, so the same person who got you certified keeps you certified.
Call us at (647) 560-8687 or email hello@akouto.com for a free consultation.