FAQs about using ISMS.online

We can offer a trial, allowing you to experience ISMS.online firsthand. To ensure it’s truly valuable, we like to start with a short conversation and guided demo of the platform. This helps us understand your goals, frameworks (such as ISO 27001, DORA, ISO 27701, or SOC 2), and any specific challenges you’re looking to address. From there, we’ll configure your trial environment to reflect your real-world needs, allowing you to evaluate the platform in the most relevant and meaningful way.
Book your personalised demo to get started with expert guidance and a trial experience tailored to you.

ISMS.online offers flexible user types to suit different roles and levels of involvement across your organisation.

Regular users
These are your core platform contributors who actively work on your ISMS. That includes policy authors, approvers, members of your ISMS management board, and owners of risks, incidents, or other compliance items. Your subscription includes a set number of Regular users, and you can add more as needed.

Occasional users
These users log in less frequently and typically consume content rather than create it. This might include reading and acknowledging policies, reviewing updates, or contributing to specific one-off projects, such as onboarding or internal audits. Occasional users are available for a nominal fee and offer a cost-effective way to engage a broader audience without over-licensing.

ISMS.online allows organisations to effortlessly create multiple users at once. User details can be imported to your organisation, and it is even possible to define when you would like newly created users to receive their ISMS.online welcome email.

We currently only promote our SaaS version of the software on the website. We can offer an on-premise option by exception but it is much more expensive than our SaaS offering for obvious reasons and would require some upfront consulting work too.

While ISMS.online includes everything you need to achieve and manage compliance with standards like ISO 27001, NIS 2, DORA, and more, we also offer optional add-ons to help you go further, move faster, and simplify ongoing compliance.

Policy Packs
Simplify policy distribution and compliance tracking with Policy Packs. Share tailored sets of policies with staff, suppliers, or auditors, track who’s read them, send reminders, and prove compliance with real-time, audit-ready reporting all from one central dashboard.

Virtual Coach
Need a guided path to certification? Virtual Coach is our complimentary support service that offers step-by-step guidance, practical tips, and our proven Assured Results Method (ARM) to help you implement your ISMS with speed and confidence.

Supply Chain Management
Take control of third-party risk with our supplier management add-on. This module helps you collaborate securely with vendors and partners, giving you a clearer picture of your information security across the supply chain.

Integrations
Connect ISMS.online with the tools your teams already use, like Microsoft Teams, Jira, Servicenow, and SharePoint. Whether you want real-time alerts or to link evidence directly from SharePoint, our integrations help streamline workflows and reduce admin overhead.

Security is at the heart of everything we do. ISMS.online is built to protect your data with robust safeguards, global infrastructure, and independently verified certifications.

We use our own platform to maintain certifications for ISO 27001, ISO 27701, and Cyber Essentials. Like our customers, we achieved ISO 27001 certification using our Assured Results Method.

Your data is hosted in one of four world-class data centres located in the UK, Europe, the USA, and Australia, all of which meet high standards for availability, resilience, and information security.

Read more about our Security Credentials

Your data is hosted in one of our four secure data centres located in the UK, Europe, USA, or Australia. All our data centre partners meet strict security standards and hold internationally recognised certifications, including ISO 27001. No matter where your data is hosted, you benefit from the same high level of protection, resilience, and compliance.

Hourly and daily snapshots of data are taken and we retain data for at least 28 days. Backed up data is protected with an encryption scheme that meets or exceeds that which we have specified within A.10.1.1 of our ISO 27001 controls.

The short answer is yes. We currently offer a range of exports and reports and your information can be downloaded during your ISMS.online journey or in the event you choose to unsubscribe.

We retain your data for one-month post-termination. This gives you ample time to export or copy any information out of your environment.

Yes. ISMS.online supports Single Sign-On (SSO) via SAML 2.0, making it easy to integrate with identity providers like Google, Microsoft Azure AD, Okta, and more.

We also support SCIM (System for Cross-domain Identity Management) to help you automate user provisioning and de-provisioning. That means faster onboarding, easier offboarding, and fewer manual errors all while keeping access rights up to date and secure.
With SSO and SCIM combined, you can:
Centralise identity management across your organisation
Reduce the risk of human error and access issues
Streamline compliance and demonstrate secure access control to auditors

Editing of policies is normally done within ISMS.online, in the workspace provided (with full revision/audit trail). We recommend using this workspace wherever possible as you can create links to other relevant areas of the platform for visibility and speedy access. In some instances, you may choose to upload documents to ISMS.online. The version control features allow for documents to be ‘checked-out’ to show other users they are being worked on and then uploaded as a new version. Whichever method you choose to manage your policies, full revision history and version control is taken care of.

Yes. You can copy and paste them directly into the Notes areas within your ISO 27001 (or GDPR) framework, or you can upload a document. Either way, you’ll have a full audit trail of date, time and revisions.

Yes, users can easily import assets, risks and supply chain accounts to ISMS.online. ISMS.online users can simply complete the provided import templates and we’ll do the rest.

Our platform supports all standard file formats including Word, Excel, pdf, video, sound, ppt, png, and many more. You can also hyperlink to existing documentation in your Google Drive or Shared folders.

Our online platform is designed for easy team working and management overview, and as such, most of your ISMS work will be undertaken on the platform. Clusters and Dashboards make light of management reviews and committee meetings by bringing your ISMS together in one place. Using Clusters and Dashboards allows you to save time on reporting performance or chasing on progress, by providing a clear view of outstanding actions, progress and information relating to your ISMS. This will enable you and your colleagues to inform important decisions and practice continual improvement. ISMS.online recognises the need for external reporting and, therefore, there are a number of reporting and exporting options which are available in MS Word, Excel and PDF format depending on the nature of the report being requested. You can also take a screenshot, using your browser print screen options. Examples of exports and reports available in ISMS.online include:

ISMS.online makes it easy to grant your auditor remote access to your ISMS. You can create users for individuals within the auditing organisation and define the areas of your ISMS that are accessible to your auditor.