Security you can audit, not just take on trust

ISOPlanner™ is ISO 27001 certified, hosted in the EU, and engineered around security
Book A Demo
Certified to the Standards We Support
Hosted in EU IconHosted in EU IconHosted in EU IconHosted in EU Icon
need-to-know by design

We Are Built to Ask for The Least Access Possible

Our platform is designed to request only the access it needs, just enough for a seamless, integrated experience. We extend that same care to your privacy, limiting internal access to customer data to a strict need-to-know basis. And we keep our footprint minimal, retaining as little customer data as possible and running on the fewest privileges required.

External Auditing

Security you can audit means proof from outside our own walls. ISOPlanner™ is ISO 27001 certified across all controls, and we commission independent penetration testing every year to confirm those controls hold up in practice, not just on paper.

ISO 27001 certified across all controls
Independent penetration testing, performed every year

1
Embedded ML
API Calling ML
2

Authentication and Single Sign-on

Single sign-on is built in by default: ISOPlanner™ is accessed exclusively through Microsoft 365 accounts. That means your sign-in inherits whatever multi-factor authentication (MFA) you already enforce on Microsoft 365 automatically, with nothing extra to configure.

Data Storage - 100% Hosted in EU

ISOPlanner™ and its data are hosted in Microsoft Azure, in the West Europe region (the Netherlands). Document data such as your policies and evidence stays in your own SharePoint environment, never leaving the infrastructure you already control. Microsoft designs and manages this Azure foundation to meet a broad set of international and industry-specific compliance standards, including ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.

3
ML Platform
API Calling ML
4

Country or Region Specific

Beyond those international frameworks, Azure also meets country- and region-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS. Rigorous third-party audits, such as those by the British Standards Institute, verify adherence to the strict controls these standards mandate.

For the full list of standards Azure meets: see the compliance offerings.

Data Encryption

Your data is protected the entire time we hold it, whether it's moving or stored. Every connection from your browser to ISOPlanner™ is encrypted in transit using TLS 1.2 and SHA-256 with RSA, and all stored data is encrypted at rest, when no one is even using it.

5
ML Platform
API Calling ML
6

Data Backups

Your data is backed up continuously, following Microsoft's standard Azure SQL pattern with SQL Server technology:
Full backup every week
Differential backups every 12 to 24 hours
Transaction log backups every 5 to 10 minutes

Ready to see it in action? Book a demo and we'll walk you through the platform.

Book a Demo
Municipality of Waterland - Netherlands

Structured Compliance from the Ground Up.

The Municipality of Waterland needed a structured approach to meet the BIO standard without building a heavy new system. ISOPlanner™ gave them clear ownership, organised tasks, and audit readiness from day one.
Read the Waterland Case
Answered

Frequently Asked Questions

01.

Where is my data stored, and does it ever leave the EU?

No. ISOPlanner™ and its data are hosted in Microsoft Azure's West Europe region (the Netherlands), and your policy and evidence documents stay in your own SharePoint environment. Your data stays in the EU, on infrastructure you already control.

02.

Who at ISOPlanner™ can access my data?

As few people as possible, and only when there is a genuine reason. We limit internal access to customer data to a strict need-to-know basis, retain as little data as possible, and operate with the fewest privileges required to support you.

03.

Do my users need separate logins or extra MFA setup?

No. ISOPlanner™ is accessed exclusively through Microsoft 365 accounts, so single sign-on works by default and your sign-in automatically inherits whatever multi-factor authentication you already enforce on Microsoft 365. There is nothing extra to configure.