Back to Services

Compliance & Audit Consulting

Navigate compliance requirements with confidence. NIS-2, ISO 27001:2022, and security frameworks implemented with proven success.

Expert Compliance & Audit Support

Compliance shouldn’t be overwhelming. With proven success in ISO 27001:2022 Stage 1 audits and hands-on NIS-2 implementation experience, I help organizations navigate security compliance requirements effectively and sustainably.

What I Provide

ISO 27001:2022 Implementation

  • Gap analysis against ISO 27001:2022 requirements
  • Information Security Management System (ISMS) development
  • Risk assessment and treatment
  • Statement of Applicability (SoA) creation
  • Control implementation
  • Internal audit execution
  • Stage 1 and Stage 2 audit preparation
  • Surveillance audit support

NIS-2 Directive Compliance

  • NIS-2 requirements assessment
  • Essential and important entity classification
  • Cybersecurity measures implementation
  • Incident reporting procedures
  • Supply chain security
  • Business continuity planning
  • Governance structure
  • Compliance documentation

Compliance Framework Selection

  • Framework evaluation and selection
  • Multiple framework alignment
  • Compliance roadmap development
  • Resource planning
  • Timeline estimation
  • Cost-benefit analysis

Risk Assessment & Management

  • Asset inventory and classification
  • Threat modeling
  • Vulnerability assessment
  • Risk analysis and prioritization
  • Risk treatment planning
  • Residual risk acceptance
  • Ongoing risk monitoring

Policy & Procedure Development

  • Information security policies
  • Operating procedures
  • Work instructions
  • Compliance documentation
  • Templates and forms
  • Clear, usable documentation

Control Implementation

  • Technical controls deployment
  • Administrative controls establishment
  • Physical security measures
  • Organizational controls
  • Evidence collection
  • Effectiveness measurement

Audit Preparation & Support

  • Pre-audit readiness assessment
  • Gap remediation
  • Evidence preparation
  • Management review facilitation
  • Auditor interaction support
  • Non-conformity resolution
  • Continuous improvement planning

Compliance Automation

  • Vanta integration and configuration
  • Automated evidence collection
  • Compliance monitoring
  • Control testing automation
  • Audit trail generation
  • Continuous compliance

Who This Is For

  • Organizations Requiring Certification: Customers demand ISO 27001
  • NIS-2 Covered Entities: Essential or important entities under NIS-2
  • Security-Conscious Businesses: Want formal security frameworks
  • Growing Companies: Need structured security management
  • Regulated Industries: Compliance is mandatory

Real-World Compliance Success

I’ve successfully delivered:

  • ISO 27001:2022 Stage 1 Audit Success (November 2025)
  • NIS-2 Directive Implementation
  • ISO 27001 Documentation for multiple organizations
  • Compliance automation with Vanta
  • Risk assessment frameworks
  • Internal audit programs
  • Security control implementations

The Compliance Journey

ISO 27001:2022 Path

Phase 1: Planning (4-6 weeks)

  • Scope definition
  • Gap analysis
  • Project planning
  • Resource allocation
  • Timeline development

Phase 2: Implementation (4-8 months)

  • ISMS development
  • Policy creation
  • Risk assessment
  • Control implementation
  • Team training

Phase 3: Audit Preparation (6-8 weeks)

  • Internal audit
  • Management review
  • Pre-certification assessment
  • Gap remediation
  • Final preparations

Phase 4: Certification (8-12 weeks)

  • Stage 1 audit
  • Gap closure
  • Stage 2 audit
  • Non-conformity resolution
  • Certificate issuance

Phase 5: Maintenance (Ongoing)

  • Surveillance audits
  • Continuous improvement
  • Annual management review
  • Internal audit program

NIS-2 Compliance Path

Phase 1: Assessment (2-4 weeks)

  • Entity classification
  • Scope determination
  • Current state analysis
  • Gap identification
  • Implementation planning

Phase 2: Implementation (3-6 months)

  • Cybersecurity measures
  • Risk management
  • Incident response
  • Business continuity
  • Supply chain security
  • Governance establishment

Phase 3: Operationalization (Ongoing)

  • Monitoring and review
  • Incident reporting
  • Continuous improvement
  • Regulatory updates
  • Audit readiness

Compliance Frameworks I Support

Primary Expertise

  • ISO/IEC 27001:2022: Information Security Management
  • NIS-2 Directive: Network and Information Systems Security
  • ISO/IEC 27002:2022: Security Controls

Additional Frameworks

  • SOC 2
  • GDPR (data protection aspects)
  • NIST Cybersecurity Framework
  • CIS Controls
  • Essential Eight

Technologies I Work With

Compliance Platforms:

  • Vanta (preferred)
  • OneTrust
  • Drata
  • Manual frameworks

Security Tools:

  • Greenbone (vulnerability scanning)
  • Trivy (container security)
  • AWS Security Hub
  • Azure Defender

Documentation:

  • Policy management systems
  • Risk registers
  • Asset inventories
  • Evidence repositories

What Makes This Different

Unlike large consultancies with rotating teams, you get:

  • Personal continuity throughout the process
  • Proven audit success (ISO 27001 Stage 1)
  • Real-world implementation experience
  • Practical, sustainable approaches
  • Technical implementation capability
  • Ongoing support

Common Challenges I Address

ISO 27001

  • “Too complex for our size”
  • “Don’t know where to start”
  • “Need technical implementation help”
  • “Concerned about audit”
  • “Maintaining after certification”

NIS-2

  • “Are we covered?”
  • “What do we actually need to do?”
  • “How to report incidents?”
  • “Supply chain requirements”
  • “Governance structure”

My Compliance Philosophy

Practical Over Perfect: Build compliance that works for your organization

Sustainable: Create systems you can maintain long-term

Integrated: Compliance supports business, doesn’t hinder it

Evidence-Based: Strong evidence collection from the start

Continuous: Compliance is ongoing, not one-time

Technical + Process: Both technical controls and procedures

Control Implementation Examples

Technical Controls

  • Multi-factor authentication
  • Encryption (data at rest/in transit)
  • Network segmentation
  • Access controls
  • Vulnerability management
  • Security monitoring
  • Backup and recovery

Organizational Controls

  • Security policies
  • Risk management process
  • Incident response
  • Business continuity
  • Supplier management
  • Training and awareness
  • Asset management

Compliance Automation

Using Vanta

  • Automated evidence collection
  • Continuous monitoring
  • Control testing
  • Audit readiness dashboard
  • Integration with cloud providers
  • Personnel management
  • Policy distribution

Benefits

  • Reduced manual effort
  • Continuous compliance
  • Real-time visibility
  • Faster audits
  • Lower maintenance burden

Business Benefits

Customer Trust: Certification demonstrates commitment

Competitive Advantage: Win deals requiring compliance

Risk Reduction: Structured approach to security

Operational Excellence: Better processes and controls

Regulatory Compliance: Meet legal requirements

Insurance Benefits: Better cyber insurance rates

Post-Certification Support

Certification is just the beginning:

  • Surveillance audit preparation
  • Annual management reviews
  • Internal audit programs
  • Control effectiveness monitoring
  • Continuous improvement
  • Regulatory update tracking
  • Recertification support

Investment in Compliance

Compliance done right provides real security benefits, not just checkboxes. With proven audit success and practical experience, your compliance journey will be effective, sustainable, and valuable.

This isn’t about generating documents to pass an audit—it’s about building genuine security management that achieves certification while actually improving your security posture.