ISO 27001 · ISMS automation

ISO 27001,
done in-house.

Sertly turns months of consultant work into a guided workflow — templates, hints, and AI for every control. Built for teams of 10 to 100.

No credit card · Free until you invite your team
Your ISMS
Annex A readiness
68%
A.5Organizational controls82%
A.6People controls54%
A.7Physical controls90%
A.8Technological controls61%
Sertly · suggestion
Draft an A.6.7 Remote Working policy — 3 controls still uncovered.
Built on ISO/IEC 27001:2022 93 controls 4 Annex A themes 1 guided workflow
The old way vs Sertly

Certification shouldn't cost a quarter of your runway.

The traditional route means consultants, spreadsheets, and a process you can't see into. Sertly puts the whole thing in your hands.

The consultant route

Slow, opaque, expensive

  • €20–40k in consulting fees before you see a certificate
  • 6–12 months of back-and-forth and email threads
  • Policies written for you that nobody on the team understands
  • Knowledge walks out the door when the engagement ends
With Sertly

Guided, transparent, yours

  • A flat subscription — no surprise invoices
  • A clear path with progress you can watch fill in
  • Templates and plain-language hints you actually learn from
  • Your ISMS stays in-house, current, and ready to re-certify
How it works

Three steps from zero to audit-ready.

No prior security experience required. Sertly meets you where you are and walks you the rest of the way.

STEP 01

Scope your ISMS

Answer a short set of questions about your company. Sertly generates your Statement of Applicability and tells you exactly which controls apply.

STEP 02

Fill the gaps

Work through each control with ready-made templates and hints in plain language. The AI flags what's missing and drafts the next policy for you.

STEP 03

Stay audit-ready

Evidence and policies stay current as you grow. Export the SoA and evidence pack your auditor wants — and re-certify without starting over.

Annex A coverage

All 93 controls. Four themes. One place.

Every control in ISO/IEC 27001:2022 is mapped, templated, and tracked — so nothing slips through the cracks.

A.537 controls

Organizational

Policies, roles, supplier relationships and the governance backbone of your ISMS.

Information security policyRoles & responsibilitiesSupplier security
A.68 controls

People

Screening, awareness, remote working and everything that touches your team.

Onboarding & offboardingSecurity awarenessRemote working
A.714 controls

Physical

Offices, devices and media — the physical side auditors still ask about.

Secure areasClear deskEquipment disposal
A.834 controls

Technological

Access control, logging, encryption and secure development across your stack.

Access controlLogging & monitoringSecure development
What's inside

Everything you'd hire a consultant for.

Templates for every control

Pre-written policies and procedures mapped to all 93 Annex A controls. Edit to fit — don't author from a blank page.

AI hints as you go

Sertly reads your context, spots gaps, and suggests the next control to close — in language a non-expert can act on.

Live readiness tracking

A single dashboard shows how covered each theme is and what's left — so you always know how close you are.

Audit-ready exports

Generate your Statement of Applicability and evidence pack in the format auditors actually request.

Risk register built in

Identify, assess and treat risks alongside your controls — connected, not in a separate spreadsheet.

Roles & collaboration

Assign owners, track approvals and bring the whole team in — without anyone needing to be a security expert.

Pricing

One flat plan. No consultant invoices.

Start free. Upgrade when you're ready to bring in your team and head for the audit.

Starter
For founders scoping their ISMS and getting the lay of the land.
€0/ forever
Start free
  • Full Annex A mapping
  • Statement of Applicability
  • Single user
Most popular
Team
For teams of 10–100 working toward their first certification.
€249/ month
Start free trial
  • Everything in Starter
  • Unlimited team members
  • AI hints & policy drafting
  • Risk register & evidence exports
Scale
For groups with multiple entities or frameworks beyond 27001.
Let's talk
Book a demo
  • Everything in Team
  • Multiple entities & frameworks
  • SSO & priority support
Questions

The things founders ask us.

How long does it take to get certified?
Most teams reach audit-readiness in 6–12 weeks with Sertly, versus 6–12 months on the traditional route. Your pace depends on how much is already in place — Sertly shows you exactly what's left at every step.
Do I need a security expert on the team?
No. Sertly is built for founders and operators without a security background. Every control comes with plain-language guidance and a template, and the AI drafts policies you can review and approve rather than write from scratch.
Is this real ISO 27001, or just a checklist?
It's the real thing. Sertly maps to the full ISO/IEC 27001:2022 standard — all 93 Annex A controls plus the management-system clauses — and produces the Statement of Applicability and evidence an accredited auditor needs to certify you.
What about the audit itself?
You'll engage an accredited certification body for the actual audit — that's a legal requirement no software can replace. Sertly gets you fully prepared and exports everything the auditor asks for, so the audit is a confirmation, not a scramble.
What happens after we're certified?
Your ISMS lives on in Sertly. Policies, evidence and risks stay current as you grow, and surveillance audits and re-certification become routine instead of a fresh project every time.

From zero to certified.
Start today.

Scope your ISMS for free in the next ten minutes.

Start free Book a 20-min demo