ISO/IEC 27001 advisory.
BCE Ventures is a business consulting and management advisory firm focused on ISO/IEC 27001 advisory. Our work covers the full lifecycle of an Information Security Management System: readiness, design, implementation support, internal audit, and continual improvement.
Information security and ISO/IEC 27001 advisory
ISMS readiness, risk assessment, internal audit, and continual improvement aligned with ISO/IEC 27001:2022.
Most companies preparing for ISO/IEC 27001 do not need a binder of generic policies. They need an Information Security Management System that fits how they actually operate, and a programme they can sustain after certification.
We work alongside engineering, security, and management on the practical work of getting and keeping ISO/IEC 27001 in place: defining the scope, structuring the risk approach, mapping controls to the way the business operates, preparing for the certification body, and running the internal audit and management review cycle that keeps the ISMS alive.
Engagements are led by a certified ISO/IEC 27001 Lead Auditor with experience across SaaS, software, and business operations. We support readiness and internal audit work; formal certification audits remain the responsibility of an accredited certification body.
What this includes
- ISO/IEC 27001 readiness assessment
- ISMS scope and design
- Risk assessment and Statement of Applicability
- Annex A controls mapping and implementation support
- Internal audit programme (aligned with ISO 19011)
- Management review and continual improvement
- Certification body preparation
Engagement structures
We work under a small number of clear engagement structures, chosen with the client based on what the work calls for.
Defined scope and a single agreed amount. Suits clearly framed work such as a readiness assessment or a one-off internal audit.
Recurring monthly amount for ongoing ISMS support, internal audit cycles, and management review preparation.
Fees billed against phases. Suits longer engagements that move from readiness through to certification preparation.
Billed against time recorded at an agreed rate. Used selectively where the scope is genuinely open.
Scope, fees, and timing are agreed in writing before any work begins. Refund and cancellation terms are set out in our Refund Policy.
A note on scope
BCE Ventures provides ISO/IEC 27001 advisory and internal audit work. Formal certification audits are conducted separately by accredited certification bodies; we prepare clients for that process and support it, but we do not issue certificates ourselves.
Have a specific question in mind?
Tell us where you are in the ISO/IEC 27001 process. If we can be useful, we will say so; if not, we will say that too.