ISO/IEC 27001 Certification Support
Clarify whether your information security management evidence is ready for a certificate route, buyer review, or security procurement requirement.
Designed for real buyer requests, not generic certificate shopping.
AQX starts with the requirement, the intended use, and the evidence already available. That keeps the route practical before the applicant commits budget.
Best-fit applicants
SaaS, cloud, IT services, digital platforms, data processors, and teams handling sensitive customer information.
Commercial use
Companies answering enterprise security questionnaires or procurement requests for an information security certificate.
Before you pay
Organizations that need a practical bridge between policies, risk files, and customer-facing assurance.
Common reasons this page becomes urgent.
- A customer asks for ISO/IEC 27001 before approving access to data, systems, or vendor portals.
- Security questionnaires repeatedly ask for ISMS scope, risk assessment, access control, backup, and incident management evidence.
- The team needs a cleaner way to present security posture without sending scattered internal documents.
What AQX reviews
- ISMS scope, systems, locations, data types, cloud services, and outsourced providers.
- Risk assessment, risk treatment, access control, incident handling, backup, business continuity, supplier control, and monitoring records.
- Whether ISO/IEC 27001, SOC 2, NIST CSF, ISO/IEC 27701, or another route better matches the buyer request.
AQX reviews route suitability before payment. If the file is not eligible or the requirement does not fit the available route, the applicant can avoid unnecessary spend.
Documents that usually speed up review.
- ISMS scope statement
- Risk assessment and treatment plan
- Access control and onboarding/offboarding records
- Incident response procedure
- Supplier/security monitoring records
- Internal review or management review evidence
Review first. Fixed package second. Issue only when the file is ready.
Requirement check
Send the buyer wording, intended use, holder name, country, activities, and any deadline.
Scope and evidence review
AQX maps what the certificate or support route should cover and which documents are missing.
Decision and public record
Where eligible, the final record shows holder, scope, route, issue dates, validity, and verification status.
What applicants usually ask before choosing this route.
Is ISO/IEC 27001 the same as SOC 2?
No. ISO/IEC 27001 is a management system standard, while SOC 2 is an attestation report route based on trust services criteria. Buyer wording determines which is suitable.
Do we need a full security team?
Not always, but responsibilities, controls, evidence, and monitoring must be clear for the scope being reviewed.
Can AQX review our customer questionnaire?
Yes. The first step is often checking what the customer is actually asking for before choosing a route.
Compare before you apply.
Certification buyers often use different words for similar goals. These pages help you compare standards, industries, and support routes before submitting a requirement.
Send the requirement before you spend on the wrong route.
AQX can review the buyer wording, scope, and evidence fit. Initial review is available within 48 hours where eligible, with fixed packages from $398 to $1,599.