Implementation, not advice — for
ISO 27001 Certification
ISO 27001, NESA / UAE IA V2, PDPL, ADHICS, and formal risk programs — delivered hands-on by an ISO 27001 Lead Auditor. We implement. Accredited certification bodies certify. Never both. No conflict of interest, ever.
ISO 27001 Lead Auditor on every engagement Implementation only — never the certifier Audit-ready evidence pack included
Pricing — Four tiers
Pick your scope, lock the fee
From single-framework readiness scans for SMEs to multi-framework certification programs.
Starter
AED 12,000
Ideal for: Sub-30-employee UAE companies needing first-pass compliance scoping.
Includes
- PDPL readiness scan OR ISO 27001 mini-gap (single framework)
- Up to 5 staff interviews
- High-priority gaps + 90-day priority list
- Remediation walkthrough call
Not included
- Full Annex A walk-through
- Policy authoring
Designed for UAE SMEs under 30 employees. One-time engagement, no retest included.
Get a quoteEssentials
AED 22,000
Ideal for: SMEs and mid-market needing a formal single-framework gap assessment.
Includes
- ISO 27001 gap assessment OR PDPL readiness (single framework)
- All 93 Annex A controls (if ISO) or full PDPL articles
- 5–10 staff interviews
- Maturity scoring + remediation roadmap
- Executive summary
Not included
- Full implementation
- Combined frameworks
Professional
AED 65,000
Ideal for: Companies actively pursuing ISO 27001 certification within 6 months.
Includes
- Full ISO 27001 implementation — 90-day program
- Risk register, SoA, policies, controls
- Internal audit + management review
- Stage 1 audit prep + remediation
- Liaison with accredited certification body
Not included
- Certification audit fees (paid to certifier)
- ADHICS or NESA add-on
Enterprise
AED 75,000–110,000
Ideal for: Multi-framework programs — ISO 27001 + ADHICS or NESA.
Includes
- Combined program (ISO 27001 + ADHICS v2 OR NESA / UAE IA V2)
- Unified control set across frameworks
- Multi-site or regulated-sector scope
- Full evidence pack + audit liaison
- Quarterly check-ins for 12 months post-certification
Not included
- Certification audit fees (paid to certifier)
- PCI DSS (separate quote)
Not sure which tier fits?
Book a 20-min scoping callFlagship services — available now
Every engagement led by Manoj Prabhakaran, ISO 27001 Lead Auditor. Prices published — scoping call gives you a written quote within 48 hours.
Continuous Compliance Subscription
Stay audit-ready year-round. Quarterly internal audits, evidence management, audit liaison.
ISO 27001 Implementation & Certification Support
End-to-end from policy authoring to accredited-body audit.
ISO 27001 Gap Assessment
Current-state assessment + prioritised remediation roadmap.
NESA / UAE IA V2 Gap Assessment
UAE national standards — full controls assessment for govt-adjacent clients.
UAE PDPL Compliance Advisory
Data mapping, privacy notices, consent, breach-notification process.
Risk Assessment & Risk Register Build
ISO 27005-aligned, quantitative where appropriate. Standalone or ISO 27001 sub-deliverable.
Year 2 — 2027 roadmap
Planned additions. Join the waitlist and we'll email you 30 days before each service launches.
Incident Response Retainer
Monthly retainer for IR SLA, playbook maintenance, and annual exercise. Your IR team on speed-dial.
ISO 27701:2025 (Privacy Information Management)
Privacy management systems layered on ISO 27001. Natural upsell as UAE PDPL enforcement tightens.
NIST CSF 2.0 + Board Risk Reporting
Structured risk programs with appetite statements, registers, and quarterly board reports.
PCI DSS v4.0
Payment card compliance — launching if fintech is our Year-1 vertical anchor.
Dubai ISR v2
Dubai Government information security regulation — government-adjacent and supplier contracts.
Third-Party Risk Assessment
Scalable vendor security assessment service. Mandated by UAE IA V2 and ISO 27001.
Year 3 — 2028 roadmap
Advanced and regional expansion. Join a waitlist if you want first access.
NCA ECC + SAMA CSF
Saudi Arabia market entry — NCA Essential Cybersecurity Controls + SAMA financial framework.
COBIT 2019
Enterprise IT governance for banks, telcos, and government. C-suite engagement.
ISO/IEC 42001 — AI Governance
First-mover AI governance advisory in UAE — Every large client deploying AI; none have governance yet.
DORA / NIS2
EU financial and critical-infrastructure directives. Demand-pull only — EU-linked clients.
Why GRC matters for UAE
Enforcement is moving from paper to penalty. A written policy isn't a program.
UAE PDPL is in active enforcement. NESA / UAE IA V2 assessments are being run across semi-government and regulated sectors. ADHICS compliance is mandatory for Abu Dhabi healthcare providers. Dubai ISR v2 is a gate for any Dubai government supplier. Every one of these frameworks needs implementation, not more advice.
Our team has lived inside these standards — not just read them — and we deliver hands-on programmes that end with audit-ready evidence and operational controls, partnered with accredited certification bodies where a certificate is required. Never both implementer and certifier. Never a conflict of interest.
We're pursuing our own ISO 27001:2022 certification in 2026 — the same program we deliver to clients, applied to ourselves first.
Common questions
Are you also the auditor? Isn't that a conflict of interest?
How long does ISO 27001 take from kickoff to certification?
Will you actually do the work, or just hand us templates?
We need ISO 27001 + UAE PDPL + NESA — can you do all three together?
What if our scope changes mid-project (acquisition, new region, new product)?
Do you provide ongoing support after certification?
Have an upcoming audit, a compliance directive, or a client asking for ISO 27001?
Book a free 30-minute scoping call. We'll scope your program, give you a written quote within 48 hours, and show you exactly what's involved — without the consultancy runaround.