CISO as a Service
We provide organizations with a Chief Information Security Officer service, also known as CISO-as-a-Service. This solution is suitable for companies where the CISO role is handled alongside other responsibilities or where there is no need for a full-time information security manager.
Information security management requires broad expertise in risk management, compliance, technical controls, training, and crisis management. Through our service, your organization gains access to the knowledge and experience of several specialists with different skill sets.
The service includes:
The scope and cost of the service depend on the size, industry, and needs of the organization. The minimum service volume is 8 hours per month.

ISO 27001
Internal Audit
We conduct ISO 27001 internal audits to assess whether your organization’s information security management system complies with the requirements of the standard. An internal audit helps identify gaps, evaluate certification readiness, and plan the necessary improvement activities.
The service includes:
For organizations with up to 50 employees, the typical workload is 22 hours. This includes three three-hour on-site sessions and preparation of the audit report.
For organizations with more than 50 employees, the scope is agreed separately based on the company’s industry, complexity, and the scope of the information security management system.
Implementation
We guide organizations throughout the entire ISO 27001 certification process — from initial assessment to preparation for the external audit.
We help develop and implement an information security management system that meets ISO 27001 requirements and supports the organization’s actual business needs.
The service includes:
The project workload depends on the size of the company, its industry, existing documentation, and how much internal human resource the organization is able to allocate.
Typically, the ISO 27001 implementation process takes 4–12 months and ends with an external audit. After successfully passing the audit, the company is issued an ISO 27001 certificate.

NIS2 Compliance Assessment
We help assess an organization’s compliance with the requirements of the European Union NIS2 Directive. This service is suitable for companies that want to understand their current cybersecurity maturity, identify gaps, and plan the necessary improvement activities.
The service includes:
The workload depends on the size of the organization, its industry, technological complexity, and existing security measures.
Information Security Risk Assessment
We help organizations identify, assess, and mitigate information security risks that may affect sensitive information, business processes, and critical infrastructure.
A risk assessment gives management a clear overview of key threats, their potential impact, and the required mitigation activities.
The service includes:
The workload depends on the size of the company, its industry, the complexity of its processes, and how much the organization is able to involve its own people.
Let’s talk
Being among the first to offer cloud-based contact center systems already in 2002 we believe in excellence in customer service as one of the most important business fundamentals.
Our cloud-based services are used globally and our systems help serve clients 24/7.
Get answers to your unique questions, we’re here to help.
Email us at info@prominion.eu
© 2026 PROMINION OÜ





