Service 01
Audit Readiness
Assessment
From gap analysis to certification day, we prepare your organisation completely. 98% first-time pass rate across 150+ engagements.
- In-depth gap analysis against your target framework
- Prioritised remediation roadmap with owners and deadlines
- Policy and procedure authoring — we write every document
- Evidence collection, naming, and organisation for audit day
- Simulated Stage 1 dry run before your real auditor arrives
- Live support throughout your certification audit day
98%
First-time pass rate
10wk
Typical delivery
150+
Organisations served
Book a Free Discovery Call
30 minutes. No sales pitch. We assess your position and tell you exactly what is needed.
To activate this form:
1. Go to Contact → Contact Forms
2. Copy your shortcode, e.g.
3. Edit this page in Elementor → click this HTML widget → replace this notice with your shortcode
1. Go to Contact → Contact Forms
2. Copy your shortcode, e.g.
Error: Contact form not found.
3. Edit this page in Elementor → click this HTML widget → replace this notice with your shortcode
The Process
Your 10-Week Path
to Certification
Four structured phases take you from gap analysis to certified — with nothing left to chance on audit day.
01
Gap Analysis
Weeks 1–2. Clause-by-clause assessment of your current controls against your target framework. You receive a scored gap report with every deficiency ranked by severity.
02
Remediation
Weeks 3–8. We close the identified gaps — writing policies, building procedures, implementing controls, and collecting the evidence your auditor will want to see.
03
Dry Run
Week 9. A full simulated Stage 1 audit with our lead auditor acting as your external auditor. Every weakness is identified before the real auditor arrives.
04
Certification Day
Week 10+. We are present or on-call throughout your certification audit — producing evidence on request and ensuring nothing derails your certification.
Frameworks We Cover
ISO 27001 · NEN 7510 ·
SOC 2 · BIO
We specialise in the four frameworks most relevant to Dutch organisations. Not sure which applies to you? We advise on the discovery call.
ISO 27001:2022
The global standard for information security management.
NEN 7510
Mandatory Dutch standard for healthcare information security.
SOC 2
Required by US enterprise clients. Type I and Type II.
BIO
Required for Dutch government organisations and suppliers.
Common Questions
Audit Readiness FAQ
How long does the programme take?
Most organisations complete in 10–14 weeks. Smaller organisations or those already partially compliant can be ready faster. We give a specific estimate after the discovery call based on your current maturity and target framework.
What if we do not pass the audit?
Our first-time pass rate is 98%. In the rare event of a non-conformity within the scope of our work, we support your remediation and re-audit engagement at no additional charge. We have never had a client fail twice.
Do you write the policies and procedures for us?
Yes. Policy and procedure authoring is included in the programme. We write documents tailored to your organisation, review them with you iteratively, and prepare them for management approval. You do not need to start from templates.
Do you work with small organisations?
Yes. We work with organisations from around 10 employees upward. We right-size the scope to match your actual risk profile and budget. Smaller organisations do not need enterprise-scale ISMS implementations.
Which certification bodies do you work with in the Netherlands?
We work with all major RvA-accredited certification bodies including Bureau Veritas, TUV Rheinland, DNV, and BSI. We can recommend the right body for your sector and customer requirements.
What frameworks do you cover?
We specialise in ISO 27001:2022, NEN 7510, SOC 2 (Type I and Type II), and the BIO framework for Dutch government organisations. If you are unsure which applies to you, we can advise on the discovery call.
Your Certification
Starts Here
Book a free 30-minute discovery call. We tell you exactly what is needed and how long it will take.