Skip to content
Kellwick

Services

Evidence, ownership and operating discipline - not just templates.

ISO 27001 support for companies that need their ISMS to work in practice: before certification, before a surveillance audit, and between cycles.

Which engagement fits where you are?

ServiceDurationBest forOutput
Readiness Review7-10 daysQuick, honest diagnosisReport + top gaps + 30-day plan
Readiness Sprint4-6 weeksPre-audit remediationEvidence map + gap tracker + readiness report
ISMS MaintenanceMonthlyCertified companiesMonthly ISMS status + evidence review + risk updates
Vanta / Drata Cleanup2-4 weeksCompliance platform usersControl ownership + evidence quality + cleanup plan
Security Questionnaire Support48h triageDeals blocked by security reviewsEvidence pack + answer quality + reusable answer library

What we usually review

Whatever the engagement, we look at the same artifacts an auditor and an enterprise buyer will. We work from evidence, not opinions.

  • ISMS scope
  • Risk register
  • Statement of Applicability
  • Access reviews
  • Supplier and subprocessor list
  • Incident log
  • Change and release evidence
  • Secure development (SDLC) evidence
  • Management review records
  • Internal audit records
  • Security questionnaires
01

ISO 27001 Readiness Review

Know where you stand before the auditor does.

Who it is for
Teams that need a fast, honest diagnosis of audit readiness.
What it covers
Scope, risk register, SoA, evidence quality and top gaps.

You receive · 7-10 days

  • Readiness score
  • Top 10 gaps
  • Risk register review
  • Statement of Applicability review
  • Evidence quality review
  • Audit readiness report
  • 30-day remediation plan
02

ISO 27001 Readiness Sprint

Fix the gaps that put certification, surveillance or enterprise deals at risk.

Who it is for
Teams remediating before a certification or surveillance audit.
What it covers
Structured remediation across risk, SoA, policy, process and evidence.

You receive · 4-6 weeks

  • Gap tracker
  • Evidence map
  • Risk / SoA review
  • Policy / process review
  • Control owner map
  • Audit readiness checklist
  • Management review prep
  • Internal audit readiness notes
  • 30 / 60 / 90-day remediation plan
03

ISMS Maintenance Retainer

Keep risk, evidence, suppliers, reviews and controls alive all year.

Who it is for
Certified companies keeping the ISMS audit-ready between cycles.
What it covers
Ongoing operating discipline across the ISMS lifecycle.

You receive · Monthly

  • Risk register updates
  • Evidence review
  • Supplier review support
  • Access review support
  • Incident / change / release evidence review
  • Management review prep
  • Internal audit calendar
  • Corrective action tracking
  • Security questionnaire support
04

Vanta / Drata / Sprinto Cleanup

A compliance platform collects evidence. It cannot decide whether your scope, risks and control ownership make sense.

Who it is for
Teams using a compliance platform but lacking operating discipline.
What it covers
Scope, risks, SoA, control ownership and evidence quality.

You receive · 2-4 weeks

  • Control ownership map
  • Evidence quality review
  • Scope and SoA sanity check
  • Workspace cleanup plan
05

Security Questionnaire Support

Stop letting enterprise security reviews stall your deals. We help you answer questionnaires accurately, with evidence.

Who it is for
Teams whose deals are blocked by enterprise security reviews.
What it covers
Questionnaire triage, evidence pack, answer quality and trust story.

You receive · 48h triage

  • 48-hour questionnaire triage
  • Evidence pack review
  • Answer quality review
  • Reusable answer library
  • Trust center / trust page guidance
  • Recurring questionnaire support

Pricing

Typical starting points.

Engagements are scoped based on company size, ISMS maturity, audit timeline and evidence quality. Final pricing is confirmed after a readiness call.

  • Readiness Reviewfrom $2,500
  • Readiness Sprintfrom $7,500
  • ISMS Maintenancefrom $2,000 / month

Fixed-scope readiness reviews are available. Pricing depends on scope, timeline and current ISMS maturity.

Not sure which one you need?

Start with a short call. If a readiness review is not the right first step, we will say so.

Book a readiness call