"HEIC LTD made the implementation of ISO 27001 easy and understandable. They explained everything clearly, guided us step by step, and we passed the audit with an excellent score. As a result, we now have a stable risk management framework and a stronger information security culture. The certificate itself helps us with our customers, as we work in a very conservative and demanding industry. I have already recommended HEIC LTD to colleagues from other companies."
Compliance
without the guesswork.
From your first ISO 27001 certification to DORA, NIS2 Directive, and beyond — HEIC provides expert guidance that takes your organisation from gap analysis to audit-ready, with zero guesswork.
Comprehensive Compliance Solutions
End-to-end consulting for EU regulatory frameworks and international management standards.
ISO 27001 Certification
Build and certify an Information Security Management System with expert-led consulting from gap analysis to successful audit.
Learn moreNIS2 Directive
Meet the EU's expanded cybersecurity requirements — from supply chain due diligence to incident reporting obligations.
Learn moreDORA Compliance
Achieve digital operational resilience for financial entities — covering ICT risk management, testing, and third-party oversight.
Learn moreISO 42001 - AIMS
Implement, govern, or scale responsible AI management systems to manage risks and ensure ethical, transparent, and trustworthy artificial intelligence.
Learn moreUnderstand where your organization stands on the path to ISO 27001.
How We Work With You
From initial diagnostics through implementation to ongoing assurance.
Practical support at every stage.
Diagnostics & Gap Analysis
We assess where you stand against the relevant standard or regulation, identify gaps, and map a clear path forward.
Implementation
We build your management system or compliance programme alongside your team — practical, not theoretical.
Audit Preparation
Rigorous documentation reviews and internal audits to identify every last gap. We ensure your ISMS is airtight before the auditors arrive.
Ongoing Support
Surveillance audit preparation, policy updates, and regulatory monitoring. Compliance does not end at certification.
We also deliver tailored training and awareness programmes — from management and security awareness to internal auditor skills. 300+ sessions delivered and counting.
Results That Speak for Themselves
Spanning ISO 27001, ISO 9001, DORA, NIS2 Directive and others—providing tailored compliance and certification solutions for organisations of every size, from startups to regulated enterprises.
Our clients pass certification audits and regulatory assessments first time, with clean reports. We don't move to the final audit stage until we know you are ready.
Operating since 1999, we've navigated every major shift in global standards and regulations. We bring deep, proven expertise to your project—not a learning curve.
Trusted by Organisations Across Bulgaria and the EU
"HEIC LTD delivered exceptional results on our ISO 27001 certification journey. From initial gap analysis to final audit, they provided clear guidance and practical solutions tailored to our business needs. Their consultants were responsive, knowledgeable, and made complex compliance requirements accessible to our entire organization. An invaluable partnership we're grateful for."
"HEIC LTD made our ISO 27001 certification process smooth and stress-free. Their expert guidance, clear roadmap, and practical tools helped us achieve certification with zero nonconformities. Beyond compliance, they strengthened our overall security culture and boosted client trust. A truly professional and results driven partner."
Ready to achieve compliance?
Our consultants have guided over 500 organisations through certification and regulatory compliance. Let us help you get there.
- Tailored scoping based on your goals, timeline and risk profile
- Independent, practical advice focused on what works for your organisation
- End-to-end support from initial assessment through certification
- Transparent pricing — no surprises, no hidden fees
We work across 12+ international management standards and EU regulatory frameworks.
Talk to an ExpertRequest Free Consultation
We'll get back to you within one business day.
News & Articles
Third-Party Risk Management: Why Your Vendors Are Your Biggest Cyber Threat
Vendor-related breaches now cause 30% of all incidents. Learn how to build a resilient TPRM programme aligned with ISO 27001, NIS 2, and DORA.
Read the article →Key Findings from ENISA Threat Landscape 2025 Report
The ENISA Threat Landscape 2025 Report reveals 79.4% of EU cyberattacks are ideology-driven, not financially motivated. See the real threats, targets, and entry points.
Read the article →A New Era for Privacy: ISO/IEC 27701:2025 Re-Engineers Global Privacy Management
ISO/IEC 27701:2025 is now a standalone privacy standard, decoupled from ISO 27001. Learn what changed and what the new edition means for your organisation.
Read the article →