ISO 27001 software, ready on day one

A purpose-built ISO 27001 software platform with the risk register, Annex A:2022 controls catalogue, policy library, Statement of Applicability and audit exports already wired together — so you spend time treating risk, not building the tool.

The problem with most ISO 27001 tooling

Teams chasing ISO 27001 certification usually fall into one of two traps. The first is the spreadsheet trap: a risk register in one file, a controls log in another, policies in a shared drive, and a Statement of Applicability that nobody can reconcile to either. By audit week, nothing matches and someone is up at 2am copy-pasting.

The second is the enterprise GRC trap: six-figure annual contracts, a four-month implementation, and a consultant on retainer who configures every drop-down. The tool is powerful — but you are now running a GRC project instead of an ISMS.

Neither path is what ISO/IEC 27001 actually asks for. The standard wants evidence that your organisation identifies information security risks, picks treatment options, applies controls from Annex A, documents the decision, and reviews it on a cadence. That is a workflow, not a software stack.

A focused ISO 27001 platform

ISO-STANDARD.app is ISO 27001 software designed around the certification workflow itself. Every screen exists because an auditor will ask about it. Nothing exists that does not earn its place. The result is a tool small and medium teams can adopt in a day and still take to a UKAS-accredited Stage 2 audit.

The risk register, Annex A controls catalogue, policy library, Statement of Applicability and management review pack are pre-loaded and pre-linked. You pick a scope, edit the policies your organisation needs to change, score your top risks, and the SoA writes itself from the treatment decisions you made.

What's in the box

Risk register with the 5×5 model

Inherent and residual scoring, owner, treatment decision (the four Ts), target residual and review date — all in one editable view.

Annex A:2022 controls catalogue

All 93 controls pre-populated. Mark each in or out of scope with a justification; the Statement of Applicability assembles automatically.

Policy library

All mandatory clause 4–10 policies and the supporting topic policies. Branded PDF export with version, approver and effective date in the header.

Risk → control → policy traceability

Every risk links to the controls that treat it; every control links to the policy that documents it. Auditors stop asking "where is the evidence?"

Management review pack

One-click export of the inputs ISO 27001 clause 9.3 expects — KPIs, audit findings, risks, opportunities and changes — ready for the meeting minutes.

Evidence vault

Attach screenshots, policies, training records and supplier reviews to the specific control they evidence. No more "send me your evidence folder" emails.

Who it's for

SaaS startups winning their first enterprise deal

Pain: Procurement is gating the contract on an ISO 27001 certificate and the CTO is the de facto ISMS manager.

With ISO-STANDARD.app: A 60–90 day path to a Stage 2 audit, with the SoA, risk register and policies the auditor expects already in place.

Scale-ups consolidating from spreadsheets

Pain: Three years of patchwork — old register, drift between policies and reality, no clear owner per control.

With ISO-STANDARD.app: One canonical workspace where risks, controls, policies and evidence are linked. Drift becomes visible, not invisible.

MSPs and consultancies running multiple ISMSs

Pain: Every client gets a bespoke spreadsheet stack; handovers are painful and audits look different every time.

With ISO-STANDARD.app: A repeatable workspace per client with the same exports, the same controls catalogue and the same review cadence.

Why teams pick ISO-STANDARD.app over GRC suites

  • One standard, done well. Built for ISO 27001 first, not a 12-framework Swiss Army knife where 27001 is a tab.
  • No implementation project. Sign up, pick a scope, and you are working inside the ISMS in under an hour.
  • No consultant lock-in. The data model and exports are standard formats your auditor or your next tool can read.
  • Transparent pricing. No "contact sales" wall. Monthly, cancel any time.

Start your ISO 27001 ISMS today

Spin up a free workspace with the risk register, Annex A controls, policies and Statement of Applicability already wired together. Bring an auditor when you are ready.

Prefer a conversation? Email hello@iso-standard.app — a practitioner responds within one business day.