ISO 27001 certification, a living ISMS, and a stronger security posture for Brandpie
A decade-long IT partnership grew into a structured information security programme, giving an independent global brand consultancy ISO 27001 certification, clearer internal processes, and the confidence to meet rising enterprise client expectations.
Services provided:
- Compliance and control management
- Governance and regulatory advisory
- Helpdesk: Rapid-response & multi-channel
- Identity and Access Management (IAM) solutions
- Incident detection and response
- Multi-factor authentication (MFA)
- Risk management
- Security auditing
- Security program management
- Security training and awareness
- Single Sign-On (SSO) integration
- Zero trust security architecture
Brandpie is a global brand and corporate identity consultancy, headquartered in London with global offices in EMEIA, the Americas and Asia. They work with some of the most recognisable organisations in the world at pivotal business moments, exactly the sort of work that hinges on client trust and the careful handling of sensitive information.
Already working with LeftBrain for IT support, Cyber Essentials and Cyber Essentials Plus, Brandpie turned to us when ISO 27001 became the next step on their security journey. We led them through certification, built their Information Security Management System (ISMS) in Notion, and layered in 24/7 security operations and vCISO oversight to keep the standard live long after the audit.
“We’re a fast-growing business and we work with larger clients now. Larger clients have higher expectations of how we manage their data and our information security. ISO 27001 was a natural next step for our business.”
The challenge: meeting rising client expectations as the business scales
Brandpie had grown quickly over the years, and Cyber Essentials Plus already gave them a solid baseline. But as the client base shifted towards larger, more regulated enterprises, the level of scrutiny shifted with it. Detailed information security questionnaires were arriving earlier in the buying process, and prospective clients wanted to see internationally recognised assurance, not just attestations.
For Wayne, ISO 27001 was the logical answer, and “a natural next step” for a business now working with bigger names and tighter expectations. It also had to be done in a way that didn’t disrupt client delivery or feel like compliance theatre.
The solution
Strategic: a natural next step in a long-running partnership
LeftBrain has worked with Brandpie for more than a decade. The relationship started with hands-on IT support and matured through Cyber Essentials, Cyber Essentials Plus, and a steadily expanding security and infrastructure footprint. ISO 27001 was the next logical milestone, and Wayne’s team wanted the partner who already understood how Brandpie operates to take them through it.
We framed the work not as a certificate to win, but as a framework to embed: aligned to the business, calibrated to a 100% Mac estate, and designed to scale with Brandpie’s growth. As one of a small number of NCSC Assured cyber security consultancies in the UK, we brought the gravitas of an enterprise advisor without the cost or bureaucracy of one. This strategic foundation ensured identity management would become an enabler of the business rather than simply an operational control.
Tactical: a living ISMS built in Notion
Rather than bolt yet another platform onto Brandpie’s stack, we stood up the ISMS inside Notion, the tool the business already worked in every day. Policies, controls, evidence and reviews live where people will actually see them, mapped clause-by-clause to the 2022 standard. Underneath the ISMS, we aligned identity and access management to a Zero Trust model, deployed extended detection and response (XDR) across the Mac estate, and built a clear control map between what the technology does and what the standard requires.
For Wayne, the biggest shift was visibility. Surfacing the structure was, in his words, “a real eye-opener for the team.”
“It was a real eye-opener for the team to see all of the documentation, all of the structure, all of the cyber security processes and threats and how we manage them.”
The day-to-day support relationship never disappeared while the bigger programme ran. “Whenever something happens,” says Seth Kazzim, IT Support Specialist at Brandpie, “all I have to do is reach out to Ben and he’s immediately on it, ready to help. That’s a really reassuring feeling.”
Alongside certification, we layered in 24/7 security operations cover and a vCISO service, so ISO 27001 is a posture that continues to be monitored, tested and matured, not a project that finished.
The results speak for themselves
- ISO 27001:2022 certification achieved, alongside existing Cyber Essentials and Cyber Essentials Plus accreditations
- A live ISMS built in Notion, mapped to the 2022 standard and used by the team rather than filed away
- Clearer internal processes and clearly defined roles and responsibilities across the business
- Stronger team awareness of cyber security risk, particularly important in an era of AI-driven threats
- A confident, structured response to enterprise client due diligence and information security questionnaires
- Continuity of cover through 24/7 security operations and vCISO oversight, keeping the standard live
“I 100% would recommend LeftBrain. From the get-go they were friendly, welcoming, and any questions I had were answered with a great deal of explanation. They’re also very communicative, and the response time is so quick, which is amazing.”