ISO 27001 consulting and implementation by a team of senior engineers — advisors who actually do the work, not a lone consultant with a policy template. We build a working ISMS inside your Microsoft 365 tenant, configure every Annex A control, and prove each one with live evidence from the Aeges risk engine. Audit-ready in 12 weeks.
ISO 27001 consulting vs. a compliance-automation platform
Hiring help for ISO 27001 in Australia usually means choosing between two models. A traditional ISO 27001 consultancy advises you, drafts policy templates, and hands over a gap report — but your own team still has to configure the controls. A compliance-automation platform is cheaper software that collects evidence, but leaves you to write the policies and do the technical work.
Aegentra is the third option: ISO 27001 consultants and advisors who also do the work. Our senior, NV1-cleared engineers log into your Microsoft 365 tenant and implement every Annex A control by name, with automated evidence from the Aeges risk engine — advisory and hands-on delivery from one on-shore, Melbourne-based team.
Process
Week 0 — Discovery & scope. A senior engineer maps your tenant, your contractual obligations, and your risk appetite. Out-the-other-side: a fixed scope, a fixed price, and a named lead.
Weeks 1–3 — Posture & gap analysis. Aeges runs read-only against your tenant. We produce a control-by-control gap map — what is in place, what is partial, what is missing.
Weeks 4–9 — Implementation. Senior engineers configure each Annex A control inside your environment. Identity, data, endpoints, logging, supplier — every domain handled by name, not by checklist.
Weeks 10–11 — Internal audit. A pre-certification internal audit walks every control end-to-end. Residual findings are closed before your audit body sees the tenant.
Week 12 — Audit handover. Evidence pack delivered, ISMS document control transferred, certification audit scheduled. We sit in for stage-1 and stage-2 if you want us there.
Ongoing — Surveillance support. Optional retainer for surveillance audits, control drift monitoring, and quarterly Aeges re-runs.
Outcomes
A working ISMS embedded in your Microsoft 365 tenant — not a static document set.
Reproducible, on-demand evidence for every Annex A control via Aeges.
A certification audit handed off to JAS-ANZ-accredited bodies with no last-minute scramble.
Senior engineers on-record for every implemented control — no junior consultant rotation.
Control drift detected and closed before each surveillance audit, optional retainer.