Support centre

ISO 27001 is the international standard for Information Security Management Systems (ISMS). It sets out the requirements for establishing, implementing, maintaining, and continually improving an ISMS. Any organisation that handles sensitive information — from SaaS companies to healthcare providers, financial institutions, and government contractors — can benefit from, or be required to obtain, ISO 27001 certification. Many enterprise customers and regulated industries now require it as a baseline supplier security requirement.

Stage 1 (documentation review) is a desk audit where your certification body reviews your ISMS documentation — scope, policies, risk assessment methodology, Statement of Applicability, and objectives — to determine whether you are ready for Stage 2.

Stage 2 (implementation audit) is an on-site (or remote) assessment where auditors verify that the controls described in your documentation are actually implemented and operating effectively. Both stages must be passed to receive certification. Use our free readiness check to gauge your Stage 1 and Stage 2 preparedness before your audit.

For most small-to-medium organisations, the full journey — from starting implementation to receiving your certificate — takes between 3 and 12 months. The timeline depends on your organisation's size, the complexity of your scope, and how much of your ISMS documentation and processes already exist. With OmyaAI's 40+ document templates and AI-powered tools, many customers reduce that timeline significantly by avoiding a blank-page start.

ISO 27001:2022 requires a specific set of documented information, including your ISMS scope (Clause 4.3), Information Security Policy (A.5.1), risk assessment methodology and results, Statement of Applicability (SoA), information security objectives, and evidence of competence and awareness. Beyond mandatory documents, auditors typically expect supporting policies and procedures covering areas like access control, incident management, business continuity, and supplier security. Browse our full document library to see the complete set.

No — the free readiness check is completely anonymous and requires no login. You can also browse document previews (first page of each document) without an account. However, to save your readiness check results, use the AI Assistant, access purchased documents, or use the Audit Room and Risk Copilot, you will need a free account.

The AI Assistant is a 24/7 conversational AI trained specifically for ISO 27001 implementation questions. You can ask it to explain Annex A controls, help you draft policy wording, advise on risk treatment strategies, clarify audit requirements, or guide you through specific implementation challenges. Free accounts get 5 messages per day; upgrading to AI Plus or Pro gives you 150 messages per day.

Workspaces allow enterprise teams and consultants to manage multiple, separate ISMS projects or client engagements from one account. Each workspace has its own documents, risk register, audit room, and evidence files — fully isolated from other workspaces. Workspaces are an Enterprise plan feature. Contact our team to learn more.

Yes. OmyaAI is built on Google Cloud Platform with data encrypted at rest and in transit. We follow ISO 27001:2022 principles in our own operations. Documents and evidence files are stored in private Google Cloud Storage buckets — you access them via short-lived signed URLs, never directly. We are GDPR compliant and never sell your data to third parties.

The Document Pack ($99, one-time) gives you lifetime access to 40+ editable ISO 27001 document templates in Word and PDF format — great if you primarily need the documentation side covered.

The Pro plan ($199/month or $1,499/year) includes everything in the Document Pack plus the full AI tools suite, AI Assistant Plus (150 messages/day), the Audit Room with evidence tracking, and the full Risk Copilot with audit-ready PDF reports. Compare all plans.

Yes. Pro and AI Plus subscriptions can be cancelled at any time from your account settings. You will retain access to your plan until the end of your current billing period. The Document Pack is a one-time purchase and is not a subscription — you own it forever.

Yes. Enterprise customers can be billed by invoice (monthly or annual) rather than credit card. This is ideal for organisations with procurement requirements. Contact our enterprise team to set this up.

It is a one-time purchase. Pay $99 once and you have permanent, lifetime access to all 40+ documents, including any updates we release. There are no recurring charges for the Document Pack.

Documents are available in both Word (.docx) and PDF formats. Word files are fully editable so you can customise them with your organisation name, scope, and controls. PDFs are useful for sharing with auditors or internal stakeholders who should not edit the content.

Yes — the first page of every document is available as a free preview without any login required. Browse the document library to see which documents are included and preview their structure before purchasing.

After completing your purchase, your documents are immediately accessible from your account dashboard under Documents. Each document has a download button for both the Word and PDF versions. Your access is permanent — you can download at any time.

Yes. All documents are kept up to date with the current ISO 27001:2022 standard. Document Pack customers receive updates at no additional charge. If a new major version of the standard is published, we will update the templates and you will have access to the revised versions as part of your lifetime purchase.