Structured, expert-led ISO 27001 certification programme.
ISO 27001 certification tells clients, partners, and regulators that your organisation takes information security seriously. It opens enterprise contracts, satisfies government tender requirements, and reduces cyber insurance premiums. Crewtec guides you through every stage โ from initial gap assessment to holding your ISO 27001:2022 certificate.
A structured process โ so you always know what is happening and what comes next.
Benchmark your current controls against ISO 27001:2022 Annex A โ risk-scored report delivered in 2 weeks.
Build your Information Security Management System โ policies, risk register, Statement of Applicability, and asset inventory.
Roll out controls across people, process, and technology with guided support at every step.
Pre-certification dry run โ identify and fix remaining gaps before the external certification body arrives.
Support through Stage 1 and Stage 2 audits with the certifying body until your certificate is issued.
iValue Technology Partner
AI-driven EDR and XDR to stop ransomware across every device in your organisation.
SentinelOne ยท Fortra ยท Forcepoint
๐งAI-powered SIEM, UEBA, and threat intelligence to power your security operations centre.
Gurucul ยท Splunk ยท Recorded Future
๐คPAM, MFA, and identity governance to ensure only the right people access your resources.
CyberArk ยท Entrust ยท InstaSafe
๐Protect sensitive data at rest, in transit, and in use with enterprise-grade encryption.
OpenText ยท Entrust ยท Thales
For most Indian SMEs and mid-market companies, the journey takes 12โ20 weeks depending on current security maturity. A structured programme with experienced support typically runs 12โ16 weeks from kickoff to certificate.
Total cost has two parts: consulting fees (which vary by company size and scope) and certification body fees (paid to BSI, Bureau Veritas, TรV SรD, or similar). Certification body fees typically range from โน1.5โ4 lakhs. Consulting fees depend on scope โ we provide a fixed price after the initial gap assessment.
ISO 27001 is not legally mandatory for most Indian companies, but it is effectively required by the market. Government tenders, enterprise vendor onboarding, BFSI clients, and CERT-In empanelment all either require or strongly prefer ISO 27001. For IT services companies, it's become a commercial necessity.
ISO 27001:2022 is the current version, published in October 2022. It replaced ISO 27001:2013. The 2022 version updated Annex A from 114 controls to 93 controls across 4 themes, and added new controls for cloud security, threat intelligence, and data masking. All new certifications should be to the 2022 standard.
The Statement of Applicability is a required document in ISO 27001 that lists all Annex A controls, states whether each control is applicable to your organisation, and justifies any exclusions. It's one of the first documents the certification body reviews and is central to your ISMS.
Governance
ISO 42001 AI Management System design, implementation, and audit readiness for Indian enterprises deploying AI.
Learn More โGovernance
Fractional Chief Information Security Officer service โ strategy, board reporting, risk management, and compliance oversight on a monthly retainer.
Learn More โGovernance
IT and information security risk programme design โ risk registers, risk appetite frameworks, board reporting, and third-party risk management.
Learn More โBook a free 30-minute consultation โ no obligation. We will review your situation and give you an honest recommendation.