What we do

Safepoint helps Belgian organizations implement, prepare for, and maintain ISO 27001 certification. Whether you're pursuing certification for the first time, using ISO 27001 as your NIS2 conformity assessment method, or preparing for a surveillance audit, we deliver practical, audit-ready support.

Who it's for

  • Organizations pursuing ISO 27001 certification
  • NIS2 entities using ISO 27001 for conformity assessment
  • Companies preparing for certification or surveillance audits
  • Businesses needing ISMS (Information Security Management System) implementation
  • Organizations seeking gap analysis against ISO 27001:2022

What you get

Gap Analysis

Comprehensive assessment of your current state against ISO 27001 requirements, with prioritized remediation roadmap.

ISMS Documentation

Complete Information Security Management System documentation: policies, procedures, statements, and records.

Risk Assessment Framework

Structured risk assessment methodology compliant with ISO 27001 Annex A and tailored to your organization.

Annex A Controls

Implementation guidance and templates for applicable ISO 27001 Annex A controls (93 controls in the 2022 standard).

Audit Readiness Package

Pre-audit health check, evidence compilation, and readiness assessment to maximize first-time certification success.

Policy & Procedure Templates

Belgian-context policy templates covering all mandatory ISO 27001 documentation requirements.

How we work

Engagement model: Time & Materials, scoped based on organization size and current maturity.

Approach: We don't implement ISO 27001 for you, we implement it with you. Your team owns the ISMS; we provide the expertise, structure, and quality control to get it audit-ready.

Belgian regulatory context: For NIS2 entities, we ensure your ISO 27001 ISMS addresses CCB conformity assessment requirements and CyberFundamentals alignment.

Typical implementation roadmap

1

Gap Analysis (2-3 weeks)

Assessment of current state, identification of gaps, prioritized remediation plan.

2

ISMS Design (4-6 weeks)

Scope definition, risk assessment methodology, policy framework, Annex A applicability.

3

Implementation (8-12 weeks)

Control implementation, documentation completion, evidence collection, internal audit.

4

Audit Preparation (2-3 weeks)

Pre-audit health check, evidence review, readiness assessment, certification body liaison.

What makes it different

  • Practitioner-led: Delivered by security practitioners, not ISO consultants reading checklists
  • Audit-ready from day one: Every deliverable structured for certification body review
  • NIS2 alignment: Explicit mapping to Belgian CCB requirements for dual compliance
  • No shelf-ware: Practical, usable documentation that your team will actually maintain
  • Transparent scoping: Fixed scope, no scope creep: we tell you upfront what's needed