How Mesh-AI achieved ISO 27001 certification in just six months

Mesh-AI is a specialist data and AI consultancy that partners with organisations to unlock the value of their data and deliver business-defining outcomes. Working across highly regulated industries like financial services and energy, the team knew that demonstrating a robust approach to information security would be essential to building trust and scaling the business. ISO 27001 certification quickly became a strategic priority to not just meet customer expectations but unlock larger, longer-term opportunities. 

The Challenge 

As a relatively young company—just three years old—Mesh-AI found itself navigating a common but critical hurdle: proving its information security credentials to prospective enterprise customers. With a growing client base in heavily regulated sectors, the team faced increasingly stringent supplier security requirements. 

“When talking with one of our clients it was flagged that in order to carry out work beyond the PoC, we needed to be ISO certified to show that we were able to demonstrate our compliance with their strict supply chain requirements.”

Tom Mahoney, Operations & Staffing Director at Mesh-AI

Although Mesh-AI already had a foundational information security policy, it didn’t meet the depth or structure required by ISO 27001. The team recognised that achieving certification would not only demonstrate their commitment to security, it would give them a competitive edge in securing multi-year, high-value contracts. 

“We had one extensive infosec policy, which did capture the majority of what we needed, but [with ISO 27001] we were essentially going from a standing start.”

Tom Mahoney, Operations & Staffing Director at Mesh-AI 

The Solution 

To fast-track their path to ISO 27001 certification, Mesh-AI turned to the ISMS.online platform. The team used it to structure their compliance journey, from initial planning to successful audit with one centralised, easy-to-use system. 

They began by customising ISMS.online’s pre-written policy and control templates using the platform’s ‘Adopt, Adapt, Add’ approach, aligning them with Mesh-AI’s internal processes and saving valuable time and effort. 

“The adopt, adapt, add templates were perfectly aligned with our processes and made for quick work.”

Tom Mahoney, Operations & Staffing Director at Mesh-AI  

Automation features played a key role in staying on track. Task reminders helped ensure deadlines weren’t missed, and role-based access allowed teams beyond the core infosec group, like HR, to contribute directly to the platform. This meant tasks didn’t pile up with a small number of people, and progress could continue across departments. 

In turn, this allowed Mesh AI and the team to focus on implementing the information security controls and policies required for ISO 27001.  

“Having everything in one place where we can navigate quickly and update things quickly really helps. The auto-reminders are a game changer because otherwise, tasks would probably sit there until we remember they exist.”

Tom Mahoney, Operations & Staffing Director at Mesh-AI

Throughout the journey, Mesh-AI had support from the ISMS.online team whenever they needed it, ensuring they stayed confident and compliant every step of the way. 

“Any questions we had, either Louis answered them or escalated where needed.”

Tom Mahoney, Operations & Staffing Director at Mesh-AI

The Result 

In just six months, Mesh-AI achieved ISO 27001 certification—going from a basic infosec policy to a fully operational ISMS with no non-conformities at audit. The certification was completed with Alcumus ISOQAR, an ISMS.online auditor partner. 

“We’ve managed to go from zero to [ISO 27001] certification in six months.” 

Tom Mahoney, Operations & Staffing Director at Mesh-AI

Certification has already begun opening new doors for Mesh-AI—giving clients the assurance they need, strengthening the company’s credibility in regulated markets, and positioning the business to secure larger, more complex contracts in future.