GRC software built around ISO — and priced so you can start today

Governance, risk and compliance in one workspace. Manage risks, controls, policies, evidence, internal audits, corrective actions and management reviews across ISO 27001, ISO 42001, ISO 9001 and SOC 2 — without a multi-month rollout or a sales call.

What you get

Risk register with 5×5 scoring

Inherent and residual risk, treatment plans, ownership, review cadence — aligned to ISO 31000 and ISO 27005.

Control library, Annex A ready

ISO 27001:2022 Annex A pre-loaded. Add SOC 2, ISO 42001, ISO 9001 controls. Traceable risk → control → policy → evidence.

Policies, evidence & Statement of Applicability

Draft, publish and version policies. Attach evidence. Auto-assemble the SoA.

Internal audit, CAPA & management review

Plan audits, log findings, drive corrective actions, run management reviews with agendas and minutes — natively.

Roles, MFA & audit log

Owner / admin / member roles, multi-factor auth, and an append-only audit trail for the audit committee.

AI governance built in

ISO 42001 controls and AI-risk playbook so you cover model, data and vendor risk in the same GRC workflow.

Who uses it

Head of Security / ISMS lead

Pain: A shared drive of policies, spreadsheets of risk, and a scramble every audit cycle.

With ISO-STANDARD.app: One workspace that survives auditor scrutiny, with evidence and traceability in place year-round.

Compliance manager, scale-up

Pain: Board asked for SOC 2 and ISO 27001 next quarter, budget is tight, and a six-figure GRC contract is off the table.

With ISO-STANDARD.app: Self-serve start, published pricing, and audit-ready workflow the same day.

AI programme lead

Pain: Legal wants ISO 42001, engineers ship models weekly, and no one owns AI risk.

With ISO-STANDARD.app: A single register that covers information security and AI risk, with model, data and vendor risk in one flow.

Quality manager (ISO 9001)

Pain: Two systems: one for infosec, one for quality — with duplicate audits and duplicate evidence.

With ISO-STANDARD.app: Single workspace covering ISMS + QMS with shared audits, CAPAs and management reviews.

How it compares

See how we stack up: vs Vanta, vs Drata, vs Secureframe, or explore the risk assessment view and compliance automation.

Start your GRC programme today

No sales call. No credit card. Load the ISO 27001 catalogue, register your first risks, and be in audit-ready shape by the end of the day.

Prefer a conversation? Email hello@iso-standard.app — a practitioner responds within one business day.

Michael McCarroll
Founder · 25+ years
IT governance · Information security · AI

Why this platform exists

Enterprise-grade governance — built for the SMEs and consultants enterprise GRC forgets.

I've spent 25 years in corporate governance — aligning technology, controls and compliance with what the business is actually trying to do. Time and again, the same pattern: the organisations that win new clients aren't the ones with the biggest GRC budget. They're the ones who can demonstrate trust on demand. This platform is the tool I wanted for the SMEs and consultants I've worked with — institutional-grade governance without an institutional price tag, built on the way audits and buyer reviews actually happen.