ISO 27001 Consulting — Systematic Information Security
ISO 27001 is the world's leading standard for information security management systems (ISMS). Sternberg Consulting guides you through gap analysis, risk assessment, documentation and the certification audit — with a clear focus on pragmatic implementation instead of compliance theatre.
What is ISO 27001?
ISO 27001 defines the requirements for an information security management system (ISMS). The system identifies risks to your information, defines protection measures and continuously monitors their effectiveness.
The current version, ISO/IEC 27001:2022, contains 93 Annex A controls in four groups (organisational, people, physical, technological). Annex A was significantly restructured and modernised compared to the 2013 version.
An ISO 27001 certificate is often a prerequisite for customers in the financial, healthcare and public sectors. In the context of NIS2, it is becoming a practical must-have for many companies.
Request a Free Consultation
I'll get back to you within 24 hours — no obligation, personal response.
- ✓ No obligation
- ✓ BAFA funding may apply
- ✓ Response within 24 hours
Personal delivery — from kickoff to audit.
I am Jonathan Sternberg, a certified ISO consultant and auditor. Every engagement is personally delivered by me — no junior team, no subcontractors.
My approach is remote-first and nationwide. You get clear communication, firm deadlines and a management system your team actually uses.
My verifiable lead auditor credentials: CQI IRCA PR328 (ISO 9001), ULN 606399, Course ID 1792 and CQI IRCA PR357 (ISO 45001), ULN 606399, Course ID 1885.
For certification projects, I coordinate with certification bodies operating under DAkkS, UKAS or ANAB accreditation.
- ✓ IRCA-recognised lead auditor courses: PR328 (ISO 9001) and PR357 (ISO 45001)
- ✓ Works with accredited certification bodies, including DAkkS-, UKAS- and ANAB-accredited providers
- ✓ 100 % first-audit success rate
- ✓ Based in Saxony, available nationwide
Who needs ISO 27001?
IT service providers & SaaS vendors
Customers expect a solid ISMS proof point. Without ISO 27001 you lose deals to certified competitors.
Companies affected by NIS2
Many industries fall under the NIS2 directive from 2025. An ISO 27001 ISMS largely covers NIS2 requirements.
Financial and insurance services
BaFin, DORA and industry-specific supervision expect structured risk management at ISO 27001 level.
Healthcare
GDPR, hospital cybersecurity, patient data protection — ISO 27001 is the established foundation.
The route to your ISMS
From your first question to the certificate on the wall — and beyond.
Free first consultation
30 minutes on goals, scoping and timing. Quote within 24 hours.
Gap analysis
Your current security posture against Annex A's 93 controls. Outcome: prioritised action plan.
Risk assessment
Identify your information assets, threats and vulnerabilities. From that we derive concrete protective measures.
ISMS documentation
Information security policy, Statement of Applicability, control catalogue, incident plans — lean and audit-proof.
Awareness & training
Employees are trained on phishing, password security and incident reporting. Without awareness there is no functioning ISMS.
Internal audit & certification
We run the internal audit, close the remaining gaps and accompany you through the certification audit. 100 % first-audit success rate.
Why choose Sternberg Consulting for ISO 27001?
NIS2-readiness included
The ISMS is built so it meets NIS2 requirements directly — no duplicate setup needed.
Practical risk management
No risk assessment for its own sake. Every risk has a clear business context and a concrete mitigation.
Lean documentation
Modern tools instead of 400-page Word templates. Audit documents your team actually reads.
ISO 9001/14001 integration
Harmonised management systems — shared internal audits and management review.
GDPR synergies
The ISMS delivers the foundations for a GDPR-compliant data protection programme.
BAFA-fundable
Up to 80% of consulting costs can be reimbursed.
BAFA subsidises SME consulting via the "Förderung unternehmerischen Know-hows" programme. I handle the entire application.
"Energy and results convinced us. From first contact to Stage 2 audit in six weeks — only possible because Jonathan began the work even before the contract was signed."
Common questions.
How much does ISO 27001 consulting cost?
Between €8,000 and €25,000 depending on company size and IT complexity. With BAFA funding the out-of-pocket cost is often €2,000–€6,000. A precise fixed-price quote follows the first call.
How long does an ISMS take to build?
Typically 10 to 16 weeks. The biggest driver is the risk assessment and implementing the resulting controls. With existing security processes it can go significantly faster.
Does ISO 27001 cover NIS2 requirements?
Largely yes. The NIS2 minimum measures under Article 21 overlap with ISO 27001 Annex A by about 85%. The rest can be covered with a few additional controls. A certified ISMS is the most economical NIS2 implementation.
Do I need dedicated IT security tools for ISO 27001?
Not necessarily. We use what you already have — Microsoft 365, Google Workspace or open-source solutions. Where there are gaps I recommend concrete, affordable tools.
What is the Statement of Applicability (SoA)?
The SoA is the central ISMS document. For each of the 93 Annex A controls it states whether it applies, why and how it is implemented. I create the SoA with your team.
Does ISO 27001 cover the supply chain?
Yes. The "Information security in supplier relationships" control requires assessment of every service provider with access to information. We build a pragmatic supplier due diligence process.
How often do employees need training?
The standard requires regular awareness measures. We recommend at least one mandatory annual training plus event-driven updates (e.g. after incidents).
Let's talk.
Tell me where you stand and what you need. Within 24 hours you receive a first assessment and a concrete meeting proposal — free and without commitment.
- ✓ Reply within 24 hours
- ✓ Free first consultation, no strings attached
- ✓ BAFA funding eligibility checked for you