Track all 93 Annex A controls with plain-English checklists. Attach evidence, assign tasks to your team, and generate readiness reports for your auditor.
10-day free trial · No credit card required · Setup in 3 minutes
ISO 27001 is the global gold standard for information security management. It requires building an ISMS — a systematic framework of policies, controls, and processes that protects your data and demonstrates that protection to customers and regulators.
A documented framework covering the scope, policies, risk assessment methodology, and treatment plan for your information assets.
Identify information security risks, assess their likelihood and impact, and document how each risk is treated, accepted, or transferred.
The 2022 revision includes 93 controls across four themes: Organisational (37), People (8), Physical (14), and Technological (34).
Regular internal audits confirm that your ISMS operates as documented and that controls remain effective over time.
Leadership must review the ISMS at planned intervals, examining performance metrics and approving any changes to policy or scope.
A document listing all 93 controls, whether each is applicable to your scope, and the justification for any exclusions.
Rather than navigating a 114-page standard on your own, Complara gives you a pre-mapped, actionable checklist for every relevant control — so you know exactly what to implement and what evidence auditors expect.
All 93 Annex A controls broken down into plain-English tasks. Each item tells you what to do, why it matters, and what evidence to collect.
Attach policies, configurations, audit logs, and screenshots directly to each control. No more scattered folders or spreadsheet links.
Assign controls to the right team members — InfoSec, HR, Facilities, Engineering. Track completion without endless status meetings.
Export a control-by-control readiness summary to share with your certification body at Stage 1 audit review.
ISO 27001 shares significant control overlap with SOC 2 and GDPR. Many startups use Complara to track all three simultaneously — the evidence often applies across frameworks.
ISO 27001 is the international standard for information security management systems (ISMS). It specifies a systematic approach to managing sensitive information, covering people, processes, and technology. Certification demonstrates to customers and regulators that your security practices meet a globally recognised standard.
The 2022 revision includes 93 controls across four themes: Organisational, People, Physical, and Technological. You don't implement every control — you apply those relevant to your scope based on your risk assessment.
Most startups complete implementation in 3–6 months, followed by a Stage 1 documentation review and Stage 2 on-site audit. Total time to certification is typically 6–12 months.
No — they're different frameworks from different bodies. SOC 2 is a US-based auditing standard (AICPA) more common in North America. ISO 27001 is an international standard more recognised in Europe and APAC. Many enterprise buyers, especially in Europe, require ISO 27001.
All 93 controls. Plain-English tasks. Evidence storage built in. From first policy to audit-ready — in one place.