Skip to main content

ISO 27001, implemented.

ISO 27001 consulting and implementation by a team of senior engineers — advisors who actually do the work, not a lone consultant with a policy template. We build a working ISMS inside your Microsoft 365 tenant, configure every Annex A control, and prove each one with live evidence from the Aeges risk engine. Audit-ready in 12 weeks.

ISO 27001 consulting vs. a compliance-automation platform

Hiring help for ISO 27001 in Australia usually means choosing between two models. A traditional ISO 27001 consultancy advises you, drafts policy templates, and hands over a gap report — but your own team still has to configure the controls. A compliance-automation platform is cheaper software that collects evidence, but leaves you to write the policies and do the technical work.

Aegentra is the third option: ISO 27001 consultants and advisors who also do the work. Our senior, NV1-cleared engineers log into your Microsoft 365 tenant and implement every Annex A control by name, with automated evidence from the Aeges risk engine — advisory and hands-on delivery from one on-shore, Melbourne-based team.

Process

  1. Week 0 — Discovery & scope. A senior engineer maps your tenant, your contractual obligations, and your risk appetite. Out-the-other-side: a fixed scope, a fixed price, and a named lead.
  2. Weeks 1–3 — Posture & gap analysis. Aeges runs read-only against your tenant. We produce a control-by-control gap map — what is in place, what is partial, what is missing.
  3. Weeks 4–9 — Implementation. Senior engineers configure each Annex A control inside your environment. Identity, data, endpoints, logging, supplier — every domain handled by name, not by checklist.
  4. Weeks 10–11 — Internal audit. A pre-certification internal audit walks every control end-to-end. Residual findings are closed before your audit body sees the tenant.
  5. Week 12 — Audit handover. Evidence pack delivered, ISMS document control transferred, certification audit scheduled. We sit in for stage-1 and stage-2 if you want us there.
  6. Ongoing — Surveillance support. Optional retainer for surveillance audits, control drift monitoring, and quarterly Aeges re-runs.

Outcomes