Cyber & Digital Security
ISO 27001 — Information Security Management System
The global standard for information security. AjaCertX delivers gap analysis, implementation and certification support — protecting your data, systems and reputation.
Structured gap assessment against ISO 27001:2022, prioritised action plan and full implementation support through to Stage 1 and Stage 2 certification audit.
Independent ISO 27001 internal audits verifying conformity of your information security management system and identifying improvement priorities.
Pre-surveillance audit health checks identifying gaps before your third-party surveillance visit and protecting your certification status.
Structured information security risk assessment identifying threats, vulnerabilities and control gaps across your information assets and systems.
Design and implementation of information security policies, procedures and Annex A controls aligned to ISO 27001:2022 requirements.
ISO 27701 implementation extending your ISO 27001 ISMS to cover privacy information management and GDPR compliance obligations.
VAPT — Vulnerability & Penetration Testing
Independent VAPT assessments identifying real vulnerabilities before attackers do — covering web applications, networks, cloud environments and business systems.
OWASP-aligned web application penetration testing identifying injection flaws, authentication weaknesses, broken access controls and security misconfigurations.
Internal and external network penetration testing identifying vulnerabilities across perimeter controls, firewalls, routers and network infrastructure.
AWS, Azure and GCP cloud security posture assessments identifying misconfigurations, access control gaps, data exposure risks and compliance issues.
Structured vulnerability assessment across IT systems, applications and infrastructure — prioritising findings by risk and providing remediation guidance.
Adversary simulation exercises testing your detection, response and recovery capability against realistic cyber attack scenarios.
Independent review of your security architecture identifying design weaknesses, control gaps and improvement priorities across your security programme.
OT / ICS Security
Protecting industrial control systems, SCADA, PLCs and operational technology from cyber threats — across manufacturing, energy, rail, utilities and critical infrastructure.
Comprehensive OT/ICS security assessment identifying vulnerabilities across industrial control systems, SCADA platforms and operational technology networks.
Specialist SCADA security review covering network segmentation, remote access controls, authentication and patch management across supervisory systems.
Review of OT network architecture against IEC 62443 principles — identifying segmentation gaps, DMZ weaknesses and IT/OT convergence risks.
Security assessments for rail signalling, traffic management and control systems — protecting safety-critical infrastructure from cyber threats.
OT-specific incident response plan development covering detection, isolation, evidence preservation and recovery of industrial control systems.
IEC 62443 industrial cybersecurity standard implementation and compliance support for OT environments across all industrial sectors.
SOC 1 & SOC 2 Reporting
SOC 1 and SOC 2 readiness assessments and reporting support — demonstrating security, availability, confidentiality and privacy controls to enterprise clients.
Gap assessment against SOC 2 Trust Service Criteria — identifying control gaps and building a remediation roadmap before your Type 1 or Type 2 audit.
End-to-end SOC 2 Type 1 and Type 2 report preparation support — from control design through to auditor liaison and report delivery.
SOC 1 readiness assessment and SSAE 18 / ISAE 3402 reporting support for service organisations with financial reporting obligations.
CMMI appraisal support and process capability improvement services for technology and software organisations seeking CMMI maturity levels.
Privacy & GDPR Compliance
Structured GDPR compliance programmes, data protection frameworks and privacy governance — reducing regulatory risk and building data subject trust.
End-to-end GDPR compliance programme covering data mapping, lawful basis, privacy notices, consent mechanisms, DPIA and breach response.
Independent data protection audit assessing GDPR compliance, data handling practices, access controls and breach response capability.
Structured DPIA for high-risk processing activities — identifying privacy risks and implementing controls to meet GDPR Article 35 obligations.
Data mapping exercises and Records of Processing Activities (RoPA) development to establish full visibility of personal data flows across the organisation.
Data breach response planning and regulatory notification support — meeting 72-hour GDPR notification obligations and managing data subject communication.
ISO 27701 implementation extending ISO 27001 to cover personal data processing obligations and privacy governance across the organisation.
Computer Systems Validation (CSV)
GxP-compliant CSV programmes for life science organisations — ensuring computerised systems meet regulatory requirements and are fit for intended use.
End-to-end CSV programme design and execution covering URS, risk assessment, IQ/OQ/PQ and validation summary reports aligned to GAMP 5 and Annex 11.
Compliance gap assessment and remediation for electronic records, electronic signatures and audit trail requirements under 21 CFR Part 11 and EU GMP Annex 11.
Data integrity programme design covering ALCOA+ principles, audit trail controls, access management and data lifecycle governance for GxP environments.
How AjaCertX Works With You
A structured engagement methodology — from initial assessment through to ongoing governance and continual improvement.
We assess your current information security posture against ISO 27001, GDPR, SOC 2 or your target framework — identifying all gaps with a prioritised remediation roadmap.
Structured information security risk assessment covering threats, vulnerabilities, likelihood, impact and existing controls across your information assets.
Design and implementation of policies, procedures, Annex A controls and governance frameworks aligned to your target standard or regulation.
VAPT assessments, OT security reviews and control testing — validating that implemented controls are effective and working as designed.
Audit preparation, evidence packaging and liaison with your certification body — driving first-time ISO 27001, SOC 2 or Cyber Essentials success.
Ongoing surveillance preparation, annual risk reviews and continual improvement — maintaining your security posture and certificate long-term.
Knowledge For Your Team
The root causes behind failed ISO 27001 certifications — and what information security teams must address before audit.
How to assess and strengthen operational technology cyber security across manufacturing, energy and rail environments.
The most common GDPR compliance gaps identified during data protection audits — and how to address them.
Our ISO 27001 lead auditors walk through surveillance requirements, Annex A controls and how to maintain certification.