BCE Ventures
ISO/IEC 27001 advisory

ISO/IEC 27001 advisory for SaaS and software businesses.

BCE Ventures helps SaaS, software, and digital businesses prepare for ISO/IEC 27001 certification, design a working Information Security Management System, and run the internal audit cycle that keeps it alive.

Led by a certified ISO/IEC 27001 Lead Auditor.

Information security management, done in proportion to the business.

Most companies preparing for ISO/IEC 27001 do not need a binder of generic policies. They need an ISMS that fits how they actually operate, and a programme they can sustain after certification.

We work alongside engineering, security, and management on the practical work of designing, implementing, and maintaining an ISMS: scope, risk assessment, Annex A control mapping, certification-readiness, internal audit, and management review.

Readiness

Gap analysis against ISO/IEC 27001:2022 and the Annex A controls.

ISMS design

Scope, policies, risk approach, and Statement of Applicability shaped to the business.

Internal audit

Independent internal audit aligned with ISO 19011, by a certified Lead Auditor.

Sustain

Management review and continual improvement to keep certification alive after the audit.

How an engagement runs

01
Understand the business

We start by listening: what you build, who you build it for, and where the ISMS needs to fit.

02
Map the gap

Structured assessment against ISO/IEC 27001:2022 and the Annex A controls.

03
Design and implement

Scope, risk approach, policies, Statement of Applicability, and the controls that make sense for the business.

04
Audit and sustain

Internal audit, management review, and the cadence that keeps the ISMS alive after certification.

Working towards ISO/IEC 27001?

Contact BCE Ventures for a short conversation about where you are and what the next step looks like.