Standard · ISO/IEC 27001:2022
ISO 27001, run as a four-stage workflow.
One workspace that walks an organisation from Annex A scoping through the management review meeting minutes. Roles split across creator, business liaison, GRC liaison and control owner. Editing follows the platform billing state.
First month free. No card required.
The four stages.
- Stage 1 — Initial assessment and scoping
  - Answer a questionnaire that determines which Annex A controls apply to your organisation.
  - Review the inline Statement of Applicability and edit per-control justification.
  - Submit. Stage 1 is the hard gate — the remaining stages unlock once it is submitted.
- Stage 2 — Document readiness
  - Open the catalog of every ISMS document required for certification, sourced from the ISMS Master Document Matrix.
  - For each document, record its status — Available, Partial, Not Available, N/A.
  - Optionally upload a controlled copy.
  - Generate the Document Readiness Report.
- Stage 3 — Control mapping and internal audit
  - Capture evidence per control, assign owners, and upload files.
  - Use AI-assisted policy generation alongside to draft any missing policies.
  - The GRC liaison fills the internal audit findings column — compliance status, consultant notes, required actions.
- Stage 4 — Management review
  - Walk a wizard that mirrors the ISO 27001 management review meeting minutes template.
  - Each agenda item auto-prefills from the live assessment — audit findings, corrective actions, control status, objective fulfilment.
  - Generate a .docx minutes document. Multiple historical reviews are retained per assessment.
Self-serve, or guided by a consultant.
- Self-serve
  - Your team holds every role. The creator, business liaison, GRC liaison and control owners are all teammates you assign. No external party joins the workspace. You pay only the platform fee.
- Guided
  - An independent consultant from the SME directory joins as the GRC liaison. They sit inside the same workspace and review the audit findings — compliance status, consultant notes, required actions — while your team owns the implementation columns. You pay the platform fee plus the consultant's review fee, prorated by the day.
Two rates. One while you work. One after.
- Active: while controls and evidence are in motion.
- Passive: once the audit ships and the workspace becomes a read-only record.
| Mode | Active | Passive |
| --- | --- | --- |
| Self-serve: Your team runs the workflow end to end. | $550 / month | $30 / month |
| Guided: Platform fee plus an independent consultant from the SME directory. Browse rates after you sign in. | See directory | See directory |
Rates shown are indicative. The exact daily number is displayed inside the product before any assessment is launched.
How the meter actually runs.
- Why two rates
  - ISO 27001 readiness runs over months, not days. The meter is split so you pay full rate while controls and evidence are still in motion, and a much lower rate once the audit ships and the workspace becomes a read-only record.
- Prorated daily
  - Charges accrue by the day. No annual contract. No per-seat fee. Cancel any time and the meter stops on the cancel date.
- First month free
  - The first assessment on your first workflow is free for the first month. No card required at sign-up.
- Switch when the audit ships
  - Flip the assessment to passive and the meter drops to the lower rate. The SoA, controls and evidence stay accessible and exportable.