A living management system for information security
The Securapilot ISMS platform supports the full information security management system per ISO 27001 — from context and risk to controls, continuous improvement and audit. Built for certification and NIS2 compliance.
What is an ISMS?
An ISMS (Information Security Management System) is a structured, risk-based way to govern information security. ISO 27001 is the international standard — it defines requirements for management commitment, risk management, controls, internal audit and continuous improvement. NIS2 in practice demands the same structure for essential and important entities.
Securapilot replaces Excel and Word with a unified ISMS tool that holds up in certification audits.
Everything an ISMS tool needs
The platform covers the full ISMS lifecycle — not just the documents, but the links between risk, control and evidence.
Context and scope
Define ISMS scope, stakeholders, internal and external issues — with version-controlled documents.
Risk assessment per ISO 27005
Risk register with 5×5 matrix, residual risk, treatment plans and approval flows.
Statement of Applicability (SoA)
Auto-generated SoA against ISO 27001 Annex A with justification per control and rationale for exclusions.
Annex A controls
All 93 controls in ISO 27001:2022 Annex A with owner, status, evidence and review periods.
Internal audit
Audit plan, findings, non-conformities and corrective actions with traceability.
Management review
Structured inputs and outputs per clause 9.3 — KPIs, risks, actions and decisions.
ISO 27001 clauses 4–10 in the platform
The platform covers the full requirements structure of ISO 27001:2022 — not just Annex A.
Context
Organisational context, stakeholders and ISMS scope (4.1–4.4).
Leadership
Management commitment, policy and roles (5.1–5.3).
Planning
Risk management, objectives and security planning (6.1–6.3).
Support
Resources, competence, awareness and documented information (7.1–7.5).
Operation
Operational planning, risk assessment and treatment (8.1–8.3).
Performance evaluation
Monitoring, internal audit and management review (9.1–9.3).
Improvement
Non-conformities, corrective actions and continuous improvement (10.1–10.2).
Capabilities that take you to certification
Functionality that lifts ISMS work from a binder of documents to a living system.
SoA generator
Auto-generated Statement of Applicability mapped to Annex A with justifications.
Control library
All 93 Annex A controls with owner, status, evidence and review frequency.
5×5 risk matrix
Risk register per ISO 27005 with inherent and residual risk.
Audit trail
Full change log on every entity — auditor requirements met out of the box.
NIS2 mapping
Annex A controls mapped to NIS2 article 21 — same control, two frameworks.
Internal audit
Audit plan, checklist, findings and non-conformities with follow-up.
Management review
Templates for clause 9.3 with KPIs and decision support for leadership.
AI policy generator
AI suggests policy text based on organisational context and applied controls.
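To make the 5×5 risk matrix, inherent versus residual risk and the SoA generator above concrete, here is an added example written for this page; it is not Securapilot's code or data model. It assumes a likelihood and impact scale of 1–5 (score = likelihood × impact), that an implemented control removes a fixed number of likelihood points (the `effectiveness` field), that planned controls earn no credit until implemented, and a risk appetite of 8 as the threshold for a treatment plan; the band thresholds, control owners, effectiveness values and the two sample risks are all constructed. The Annex A references are real 2022 control numbers, used only as illustration. The SoA generator also applies the two checks an auditor makes on exclusions: an excluded control must carry a rationale, and a control cited by a risk cannot be excluded.

```python
from dataclasses import dataclass, field


def risk_band(score: int) -> str:
    """Assumed bands on the 5x5 matrix (score 1..25)."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


@dataclass
class Control:
    ref: str            # Annex A reference, e.g. "A.8.7"
    title: str
    owner: str
    status: str         # "implemented", "planned" or "not applicable"
    effectiveness: int  # assumed: likelihood points removed once implemented
    justification: str = ""  # required when status is "not applicable"


@dataclass
class Risk:
    rid: str
    description: str
    likelihood: int     # 1..5
    impact: int         # 1..5
    controls: list = field(default_factory=list)  # Annex A refs treating this risk
    appetite: int = 8   # assumed: highest residual score accepted without treatment


def _check_scale(value: int, name: str) -> None:
    if not 1 <= value <= 5:
        raise ValueError(f"{name} must be 1..5, got {value}")


def inherent_score(risk: Risk) -> int:
    """Score before any control is credited."""
    _check_scale(risk.likelihood, "likelihood")
    _check_scale(risk.impact, "impact")
    return risk.likelihood * risk.impact


def residual_score(risk: Risk, library: dict) -> int:
    """Score after crediting only controls that are actually implemented."""
    credit = sum(
        library[ref].effectiveness
        for ref in risk.controls
        if ref in library and library[ref].status == "implemented"
    )
    return max(1, risk.likelihood - credit) * risk.impact


def needs_treatment(risks, library: dict) -> list:
    """Risk ids whose residual score still exceeds the appetite."""
    return [r.rid for r in risks if residual_score(r, library) > r.appetite]


def _ref_key(ref: str):
    # "A.8.13" -> (8, 13) so controls sort numerically, not as strings
    return tuple(int(p) for p in ref.split(".")[1:])


def generate_soa(library: dict, risks) -> list:
    """One SoA row per control, with the rationale checks an auditor applies."""
    rows = []
    for ref in sorted(library, key=_ref_key):
        c = library[ref]
        treats = sorted(r.rid for r in risks if ref in r.controls)
        if c.status == "not applicable":
            if not c.justification:
                raise ValueError(f"{ref}: exclusion without rationale")
            if treats:
                raise ValueError(f"{ref}: excluded but cited by risks {treats}")
        rows.append({
            "control": ref, "title": c.title, "owner": c.owner,
            "applicable": c.status != "not applicable",
            "status": c.status, "justification": c.justification, "treats": treats,
        })
    return rows


# Constructed sample data (owners, effectiveness values and risks are made up).
LIBRARY = {c.ref: c for c in [
    Control("A.8.7", "Protection against malware", "IT ops", "implemented", 2),
    Control("A.8.13", "Information backup", "IT ops", "implemented", 1),
    Control("A.8.24", "Use of cryptography", "Security", "planned", 2),
    Control("A.6.7", "Remote working", "HR", "not applicable", 0,
            justification="No remote work within the ISMS scope (assumed)"),
]}

RISKS = [
    Risk("R-01", "Ransomware encrypts the file server", 4, 5, ["A.8.7", "A.8.13", "A.8.24"]),
    Risk("R-02", "Unencrypted laptop lost off-site", 3, 3, ["A.8.24"]),
]

if __name__ == "__main__":
    for r in RISKS:
        inh, res = inherent_score(r), residual_score(r, LIBRARY)
        print(f"{r.rid}: inherent {inh} ({risk_band(inh)}), residual {res} ({risk_band(res)})")
    print("treatment plan required:", needs_treatment(RISKS, LIBRARY))
    for row in generate_soa(LIBRARY, RISKS):
        print(row["control"], "applicable" if row["applicable"] else "excluded", row["treats"])
```

Run as-is, R-01 drops from an inherent score of 20 (high) to a residual 5 (low) because two implemented controls are credited, while R-02 stays at 9 because its only control is still planned, so it is the one that needs a treatment plan. That is the point of keeping risk, control status and SoA in one model: a control that is merely planned cannot quietly lower a residual score, and an exclusion cannot coexist with a risk that relies on the excluded control.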
Frequently asked questions about ISMS platforms
What is an ISMS?
An ISMS (Information Security Management System) is a structured, risk-based way to govern information security. ISO 27001 defines the requirements — management commitment, risk management, controls, internal audit and continuous improvement. An ISMS is not a document but a living system.
What is the difference between ISO 27001 and an ISMS?
ISO 27001 is the standard describing requirements for an ISMS. The ISMS is the management system you build to meet those requirements. ISO 27001 certification means an accredited auditor has confirmed that your ISMS meets the standard.
How long does it take to build an ISMS?
With starter templates and a unified tool, organisations typically get an ISMS running in 2–4 weeks and can be certification-ready in 6–12 months. The biggest variables are management commitment and access to data about assets and processes.
Do we need ISO 27001 certification to meet NIS2?
No. NIS2 does not require ISO 27001 certification but demands an equivalent structure. Many organisations choose ISO 27001 as the framework for NIS2 compliance because its controls largely cover NIS2 article 21.
What is the Statement of Applicability (SoA)?
The SoA is a central document in ISO 27001 in which every Annex A control is addressed: whether it is applicable, the rationale if it is excluded, and how it is implemented if it applies. Securapilot generates the SoA automatically from your ISMS work.
How does the platform support management review?
The platform delivers ready inputs for clause 9.3 — risk status, control compliance, KPIs, audit findings and action follow-up — so management review becomes decision support, not a document meeting.
Ready to build your ISMS systematically?
Book a demo and we will show how the Securapilot ISMS platform takes you from first risk assessment to ISO 27001 certification.