I didn't receive the verification or invite email.

Wait two minutes, then check spam and quarantine. Search for sender domain iso-standard.app. If still missing, ask your workspace owner to resend the invite, or use Forgot password to trigger a fresh email. Allow-list noreply@iso-standard.app in your mail filter.

I lost access to my authenticator app.

Use one of the backup codes you saved during MFA setup on the MFA verify screen. If you don't have backup codes, ask a workspace owner or admin to remove your MFA factor from Admin → Users; you'll set up a new one on next sign-in.

Sign-in succeeds but I land on a blank Choose a plan screen.

Your account has no workspace yet. Either click View plans to subscribe and create your first workspace, or ask an existing workspace owner to invite you — invites attach you to their workspace without needing a separate plan.

I can't see the Admin or Team page.

Admin is restricted to owners and admins; Team is hidden for the public demo account. Ask the workspace owner to promote you (Team → Change role → Admin).

My risk score isn't updating on the heatmap.

The heatmap reflects residual scores by default. Toggle Inherent in the heatmap header, or open the risk and update Residual likelihood / impact, then Save. A hard refresh clears any cached view.

How do I try the app without signing up?

Use the Try the demo button on the home page. It signs you into a read-only demo workspace seeded with sample risks, controls and assets, with MFA bypassed.

ISO-STANDARD.app

User guide & troubleshooting

User Guide & FAQ

Step-by-step guides for the most common tasks in ISO-STANDARD.app — creating a workspace, picking your standard, inviting your team, scoring risks, and producing audit-ready reports. Plus answers to the questions we get most often.

Create an account and sign in

Read guide

Set up two-factor authentication (MFA)

Read guide

Create a workspace (organisation)

Read guide

Choose or change an ISO standard

Read guide

Invite users to your workspace

Read guide

Add an asset

Read guide

Add a risk and score it

Read guide

Add controls and treatments

Read guide

Read and filter the heatmap

Read guide

Generate audit-ready reports

Read guide

Manage your plan and billing

Read guide

User guide

Create an account and sign in

All workspaces require a verified email and two-factor authentication. Setup takes about two minutes.

1
Go to the sign-in page
From the home page click Sign in (top right) or open /auth directly.
2
Choose Sign up
Enter your work email and a strong password, or continue with Google.
3
Verify your email
Open the verification email we send you and click the link to activate your account.
4
Sign in
Return to the sign-in page and enter your credentials.

Two-factor authentication

Scan this QR code

Open your authenticator app (1Password, Authy, Google Authenticator) and scan.

•

Verify and enable

Set up two-factor authentication (MFA)

MFA is mandatory on every workspace except the public demo account. You'll be prompted on first sign-in.

1
Open your authenticator app
Use 1Password, Authy, Google Authenticator, or any TOTP-compatible app.
2
Scan the QR code
On the MFA setup screen, scan the QR code shown in the app.
3
Enter the 6-digit code
Type the rotating code from your authenticator to confirm.
4
Save backup codes
Store the recovery codes somewhere safe (a password manager is ideal).

Open the app to follow these steps live.

Create a workspace (organisation)

A workspace holds one organisation's risk register, assets, controls and team. You can run multiple workspaces from the same account — useful for consultancies serving several clients.

1
Open the workspace switcher
In the sidebar, click your current workspace name to open the switcher.
2
Choose New workspace
Select "+ New workspace" at the bottom of the menu.
3
Name your organisation
Use the legal entity name where possible — it appears on exported reports.
4
Pick the primary ISO standard
This sets up the default control library. You can add more standards later.
5
Click Create workspace
You'll land in the new workspace as its owner.

ISO-STANDARD.app › New workspace

New workspace

Organisation name

Acme Corp

ISO standard

ISO 27001 — Information security

CancelCreate workspace

Choose or change an ISO standard

Each workspace has a primary standard that drives its control library. Supported: ISO 27001, 27017, 27018, 27701, 22301, 31000, 9001, 14001, 45001, 42001, 20000-1, SOC 2, GDPR, PCI-DSS, Cyber Essentials, Cyber Essentials Plus, plus Custom.

1
Open the New workspace dialog
From the workspace switcher choose + New workspace.
2
Open the ISO standard dropdown
All supported standards are listed alphabetically by family.
3
Select your standard
The matching control library is loaded automatically.
4
Need a different framework later?
Create a second workspace for the additional standard, or contact us to merge libraries.

Workspace switcher

Workspaces

Acme Corp

ISO 27001 · owner

Northwind Ltd

ISO 9001 · admin

Globex Cloud

ISO 27017 · member

New workspace

Invite users to your workspace

Invite teammates, auditors or clients with one of four roles: owner, admin, member or viewer. Seat limits depend on your plan — see Account & billing.

1
Open the Team page
From the sidebar choose Team.
2
Click Invite member
Enter the recipient's email and select a role.
3
Send the invitation
We email a one-time invite link valid for 7 days.
4
They accept and join
On accepting, they'll be prompted to set up MFA before reaching the workspace.

Team — invite a member

Team

Invite collaborators to this workspace.

+ Invite member

EmailRoleStatus

alex@acme.comownerActive

priya@acme.comadminActive

jordan@acme.commemberInvited

Add an asset

Assets are anything that has value to the organisation — systems, data sets, suppliers, premises. Risks attach to assets.

1
Go to Assets
Open the Assets page from the sidebar.
2
Click + Add asset
Give it a name, owner, type and criticality (low / medium / high).
3
Save
The asset is now available when creating risks and controls.

Open the app to follow these steps live.

Add a risk and score it

Risks are scored on a 5 × 5 likelihood × impact matrix. Inherent and residual scores are tracked separately so you can show the effect of treatment.

1
Open Risk register
Sidebar → Risk register.
2
Click + Add risk
Enter a clear title and description (cause → event → consequence works well).
3
Score likelihood and impact
Choose values from 1 (very low) to 5 (very high). The score auto-calculates.
4
Link assets and controls
Attach affected assets and the controls that mitigate the risk.
5
Save
The risk appears on the heatmap immediately.

Add risk

New risk

Title

Phishing of staff credentials

Likelihood

4 — Likely

Impact

3 — Moderate

Linked control

A.5.17 — Authentication information

Save risk

Add controls and treatments

Each workspace ships with the control library for its primary standard (e.g. Annex A for ISO 27001). You can mark controls as applicable, assign owners, and record evidence.

1
Open Controls
Sidebar → Controls.
2
Filter by clause or domain
Use the left filter to narrow to a clause family (A.5, A.6, …).
3
Mark applicability
For each control choose Applicable / Not applicable and add a justification.
4
Assign an owner
The owner is responsible for evidence and review.
5
Attach evidence
Upload documents or paste links. Evidence is timestamped for audit.

Open the app to follow these steps live.

Read and filter the heatmap

The 5 × 5 heatmap is the fastest way to spot concentration of risk. Hover any cell to drill into the underlying risks.

1
Open Risk register → Heatmap
The view defaults to residual scores.
2
Toggle inherent / residual
Use the toggle in the header to compare before and after treatment.
3
Filter by owner or asset
Use the toolbar filters to slice by accountability.
4
Click a cell
Drill straight into the matching risks.

Risk heatmap — 5 × 5

Heatmap

Likelihood →Impact ↑

Generate audit-ready reports

Reports compile your register, controls and evidence into PDF or CSV — formatted for ISO auditors and senior management.

1
Open Reports
Sidebar → Reports.
2
Choose a template
Risk register, Statement of Applicability, Treatment plan, Heatmap snapshot.
3
Set the scope
Date range, owner, clause or asset filters.
4
Export
PDF for sharing, CSV for further analysis. Exports are watermarked with the export time.

Open the app to follow these steps live.

Manage your plan and billing

Plans are billed per workspace via Paddle. You can upgrade, downgrade or cancel at any time from Account & billing.

1
Open Account & billing
Sidebar → Account & billing.
2
Pick a plan
Compare features and seat limits on the Pricing page.
3
Checkout
You'll be redirected to Paddle's secure checkout.
4
Manage your subscription
Update payment method, download invoices, or cancel — all from the same page.

Open the app to follow these steps live.

Troubleshooting

Common issues and the fastest way to resolve them. If something here doesn't match what you're seeing, email support from the address on your account.

Still stuck?

Open the demo to explore a fully populated workspace, or contact support.

User Guide & FAQ

User guide

Create an account and sign in

Set up two-factor authentication (MFA)

Create a workspace (organisation)

Choose or change an ISO standard

Invite users to your workspace

Add an asset

Add a risk and score it

Add controls and treatments

Read and filter the heatmap

Generate audit-ready reports

Manage your plan and billing

Troubleshooting

I didn't receive the verification or invite email.

I lost access to my authenticator app.

Sign-in succeeds but I land on a blank "Choose a plan" screen.

I can't see the Admin or Team page.

My risk score isn't updating on the heatmap.

Checkout failed or I was charged but no plan appeared.

How do I try the app without signing up?

How do I delete a workspace or my account?