This is probably the most common question we get asked as ISO standards can appear to be overwhelming at first simply due to the amount of work required. aims to simplify that and breaks the work down into sectioned manageable chunks, with most of the standard already completed for you using our Adopt, Adapt, Add policy content. allows you to easily monitor your progress and celebrate success every step of the way. No matter what speed you decide to take in your journey to success, the built-in reporting areas will give you a real-time view of how close you are to certification.

ISO Policies and Controls Project

If you are new to ISO 27001, a great place to begin your journey is the ISO 27001 Requirements phase within your ISO 27001 Policies and Controls Project. You can navigate to this by:

  1. Hover over 'Work' in the navigation bar
  2. Mouse your mouse over your 'ISMS' Cluster and select the 'ISO 27001:2013 Policies and Controls Project'
  3. Click on the 'Structure' tab to see its contents

The ISO 27001:2013 Policies and Controls Project structure will display.

Requirement 4.1

The ISO 27001 standard (indeed all the ISO standards) is structured in such a way that the different requirements build on each other, completing one will equip you well for completing those that follow. This is especially relevant for the "Understanding the organisation and its context section."

To get started we recommend beginning at the beginning, with requirement 4.1. To view it, click on the activity named 4.1: External and internal issues. Starting in this activity area will help focus your thinking about the world your organisation operates in and how your policies and practice need to reflect that. This guide will show you how to use the activity area to document your approach.  

The remaining core requirements

You’ll logically then move from 4.1 through the other ISO 27001 requirements up to 10.2, simply documenting your work as you go. Depending on your scope and experience this might take just a few hours or could take considerably longer. 

The 27002 "Annex A" controls

Once you have completed the core requirements, it's then time to look at the controls listed in the ISO 27002 document, these all begin with the letter A so they're easy to distinguish. This is where you will document the majority of the controls and processes you have in place to meet the ISO requirements. 

Bookmarking for quick access

As a new (or even experienced) user of the platform, building the habit into your daily routine is an important part of embracing new ways of working. So we’ve created a series of guides to make it as easy as possible for you to access in just a click or two.

In the external help guides listed below, you can learn how to save to your favourites or bookmarks in your internet browser. Click on one of the following for step-by-step instructions:


  • You can also add to your operating system’s desktop or taskbar (or equivalent feature). Concise guides on how to do this are available online.