ISOPlanner™ includes a complete ISO 27001 framework with all 93 Annex A controls pre-mapped, structured, and ready to assign to your team from day one. No blank documents. No manual control translation. When you are ready to expand, ISOPlanner™ supports 50+ international standards from the same environment.


The AI Assistant reads your active controls and generates specific, actionable tasks for the right team members. ISO requirements become owned work items, not documents someone has to interpret. For most organisations, it reduces or eliminates the need for external consultants throughout implementation.
Identify, assess, and document information security risks using a configurable scoring model. Risks are treated, accepted, or transferred with a full audit trail. The risk register lives in SharePoint and is accessible to auditors at any time, without exports or last-minute preparation.


ISOPlanner™ automates evidence collection for two of the most frequently tested ISO 27001 controls: Microsoft Entra ID MFA Check, which verifies multi-factor authentication status across your user base, and Microsoft Secure Score, which pulls your current score and maps it directly to relevant ISO 27001 controls. Manual evidence gathering for these controls is eliminated entirely.
Schedule internal and external audits directly in ISOPlanner™. Prepare evidence packages, track open findings, and coordinate auditor access to your SharePoint documentation. Nothing is assembled at the last minute.


Instant 27001 deploys a complete ISMS to your SharePoint environment and ISOPlanner™ in one click. It includes policies, procedures, a risk register, and evidence templates, all pre-structured to the ISO 27001 standard. Most organisations are audit-ready within three months. Organisations that implement Instant 27001 achieve a 100% first-time certification success rate. Guaranteed.
01. What is the scope of an ISO 27001 Information Security Management System?
ISO 27001 Clause 4.3 requires organisations to define the scope of the ISMS by considering internal and external issues, interested party requirements, and interfaces and dependencies. The scope document sets the boundary of the ISMS, specifying which parts of the organisation, systems, and locations are covered. A clear scope is a prerequisite for certification. ISOPlanner™ includes a scope definition template that guides you through the Clause 4 context analysis step by step.
02. What is the Statement of Applicability (SoA) and why is it required?
The Statement of Applicability is a mandatory document under ISO 27001 Clause 6.1.3 that lists all 93 Annex A controls, states whether each is applicable or excluded, and provides the justification. The SoA bridges risk assessment and control implementation, and is always the first document auditors request. In ISOPlanner™ you can generate and maintain the SoA as controls are implemented and risk treatment decisions are recorded.
03. How does the ISO 27001 risk assessment process work?
ISO 27001 Clause 6.1 requires identifying information security risks, analysing and evaluating their likelihood and impact, and producing a risk treatment plan that addresses accepted risks. Organisations must define their own risk assessment methodology and apply it consistently. ISOPlanner™ provides a built-in risk register and treatment plan that walks you through the full risk process and links each risk to the relevant Annex A controls.
04. What is the difference between corrective action and continual improvement in ISO 27001?
Corrective action (Clause 10.1) addresses identified nonconformities: finding root causes, implementing fixes, and verifying effectiveness. Continual improvement (Clause 10.2) is an ongoing commitment to enhance the ISMS over time, driven by monitoring results, internal audits, and management reviews. ISOPlanner™ provides a nonconformity register for corrective actions and an annual improvement plan linked to management review outputs.
05. How long does ISO 27001 certification typically take?
For most organisations starting from scratch, the full journey takes six to twelve months: gap assessment, risk assessment, control implementation, internal audit, management review, and a two-stage certification audit. Organisations with strong existing security practices or an ISO 9001 base can move faster. ISOPlanner™ accelerates the process with pre-built templates, automated evidence collection, and a structured implementation roadmap.
06. What happens at an ISO 27001 management review?
ISO 27001 Clause 9.3 requires top management to review the ISMS at planned intervals. The review must cover ISMS performance, risk assessment results, audit findings, stakeholder feedback, incidents and nonconformities, and opportunities for improvement. Auditors look for direct evidence of management engagement. ISOPlanner™ includes a management review template that captures all required inputs and outputs in a single session.
07. How does ISOPlanner™ support ongoing ISO 27001 compliance after certification?
Certification is not a one-time event. ISOPlanner™ keeps your ISMS active between audits by automating evidence collection across all 93 Annex A controls, scheduling internal audit cycles, tracking corrective actions and their deadlines, and generating management review inputs. Surveillance audits are required in years 1 and 2, with recertification in year 3. ISOPlanner™ ensures your ISMS stays audit-ready throughout the full three-year cycle.