COMPLIANCE

ISO 27001 Preparation for Mid-Market

From Annex A check to passed audit in 6 months

ISO 27001 is more than a certificate — it's the entry ticket to enterprise customers, corporate supply chains, and cyber insurance with fair terms. We prepare you structurally for the audit and deliver the technical foundation.

FOR WHOM?

Who benefits specifically?

Mid-market with enterprise customers

Your enterprise customers require ISO 27001 as a supplier prerequisite — otherwise no contracts.

SaaS provider

ISO 27001 is the standard for B2B SaaS. Without the certificate, enterprise sales don't move forward.

Insurance policy holder

Cyber policies are 30-50% cheaper with ISO 27001 proof. The investment often pays off in the first year.

HOW WE WORK

Structured 4-step process.

01

Annex A gap analysis

We review all 93 Annex A controls and deliver a written assessment with maturity level per area.

02

Statement of Applicability

Together we create the SoA — the central document for every ISO audit. Pragmatic and audit-ready.

03

Technical implementation

Vyrex Platform delivers technical controls for around 60% of Annex A measures. The rest we close together with process consulting.

04

Pre-audit simulation

Three weeks before the real audit, we run a complete audit simulation and close last gaps.

WHAT YOU GET

Concrete deliverables.

  • Complete Annex A gap analysis as 50-page report
  • Statement of Applicability, ready for audit
  • Risk treatment plan
  • Asset inventory and classification
  • Information security management system documentation
  • Pre-audit simulation 3 weeks before real audit
  • Real-audit support by certified body
  • Re-certification support after 12 months

ISO 27001 vs NIS-2

One setup, two frameworks.

ISO 27001 and NIS-2 overlap roughly 70%. If you implement ISO 27001, you automatically fulfill most NIS-2 obligations — and vice versa. We build the setup so both frameworks are covered from one data source.
  • Risk management — one methodology for both frameworks
  • Asset inventory — jointly audit-ready
  • Logging and monitoring — via Vyrex Platform
  • Incident management — via Vyrex Ops
  • Supplier management — shared templates
  • Training tracking — shared platform
  • Business continuity management

FAQ

Frequently asked.

How long does an ISO 27001 certification take?

Realistically, six months from gap analysis to passed audit. Experienced organizations manage it in four months; less mature ones need nine to twelve.

What does ISO 27001 cost at Vyrex?

Vyrex support starts at €9,900 for the 6-month preparation. The certification body's costs come on top (typically €8,000–15,000 for mid-market audits).

Who is the audit body?

You choose the audit body freely; we recommend DEKRA, TÜV, or DQS for mid-market audits. Vyrex itself does not audit (conflict of interest); we prepare you for the audit.

Does ISO 27001 suffice for NIS-2?

Not entirely. ISO 27001 covers about 70% of NIS-2 obligations. The remaining 30% concern primarily reporting duties to the BSI, supply chain aspects, and concrete technical minimum requirements. We build setups so both frameworks are simultaneously fulfilled.

NEXT STEP

Start ISO 27001 preparation with Vyrex.

Free security check with first action plan within two business days — non-binding and without sales pressure.