Skip to content
Kellwick
← All services

Monthly

ISMS Maintenance Retainer

Keep risk, evidence, suppliers, reviews and controls alive all year.

Who it is for
Certified companies keeping the ISMS audit-ready between cycles.
What it covers
Ongoing operating discipline across the ISMS lifecycle.

An independent advisory practice for regulated technology teams.

  • IRCA Associate Auditor - ISMS
  • CQI Practitioner Member - PCQI
  • ISO/IEC 27001:2022 Auditor/Lead Auditor trained

What you receive

  • Risk register updates
  • Evidence review
  • Supplier review support
  • Access review support
  • Incident / change / release evidence review
  • Management review prep
  • Internal audit calendar
  • Corrective action tracking
  • Security questionnaire support

How the engagement runs

  1. Scope and align

    We confirm the boundary of your ISMS, the audit or deal driving this work, and what evidence already exists - so effort goes where it matters.

  2. Assess against reality

    We test controls the way an auditor will: risk register, Statement of Applicability, evidence quality and control ownership - sampled, not assumed.

  3. Report with clarity

    You get a clear, prioritized view of gaps - what is critical, what can wait - with no jargon and no padding.

  4. Plan the fix

    A concrete remediation plan with owners and sequencing, so the work continues with or without us.

Discuss monthly ISMS support.

Book a readiness call

Kellwick is an independent advisory practice. We are not a certification body and do not issue ISO certifications. Certification decisions are made only by accredited certification bodies.