How it works

Get ISO 27001 certified and expand internationally

Our intuitive software automates every step of your ISO 27001 compliance journey—from evidence collection to policy implementation and task management. Paired with your assigned ISO certification expert, you save time while expanding to new markets.

A customized, detailed scoping process

Guiding you from the start, our experts create a unique roadmap for your organization to efficiently get you ready for your ISO 27001 journey. This includes a thorough assessment and white-glove account management.

A scoped roadmap to ISO 27001 in Thoropass
Expedited onboarding to get you started

We help set the foundation with templated policies and a structured roadmap to work through your control list right from the jump. We will provide the best tips and tricks, such as getting your third-party vendors integrated and automating much of your data collection work.

A user connects integrations in Thoropass
Streamline your ISO 27001 journey

Our intuitive platform is ready to put ISO 27001 controls into operation through a guided workflow, continuous monitors, action items, and project management tools. It also includes features for managing security permissions to help achieve ISO 27001 compliance.

A user implements a particular policy in Thoropass
Evaluate your risk and link back to controls

Risk Register provides a customizable, 360-degree view of your risk landscape so you can track, analyze, and remediate risk with ease.

Close up of the Thoropass Risk Register
Internal and External Audits
Seamless audits get you where you need to be

Thoropass is the only solution that enables a seamless execution of both your internal and external audits within a unified ecosystem.

Audit progress of an ISO 27001 certification
Get Started
Start your ISO 27001 certification journey with Thoropass
Talk to an expert icon-arrow-long

More resources

Explore resources for ISO 27001 best practices

Blog posts, guides, and checklists to help you get started with ISO 27001 and better understand how it can bolster your data and information security program and protect your company from existing and emerging risks.

Everything you need to know about ISO 27001
Everything you need to know about ISO 27001

With this guide, checklist, and webinar, get the insights and actionable assets you need to supercharge your path to certification.

Get the bundle icon-arrow
Which framework(s) are best for your organization?

SOC 2? PCI DSS? Find out if there are other frameworks and regulations you need to reduce your risk of data breaches.

Take the quiz icon-arrow
The ISO 27001 Guide for Tech SMBs
Open new markets by complying with ISO standards

Learn how to grow your business while reducing insider threats and the risk of cyber-attacks and securing information systems.

Get the guide icon-arrow
Step-by-step checklist to ISO 27001
Get your ducks in a row with your ISO checklist

Here is everything you need to achieve and maintain compliance.

Get the checklist icon-arrow

Frequently Asked Questions

 ISO 27001 is the international standard developed by the International Organization for Standardization and the International Electrotechnical Commission (ISO IEC 27001). It lays the groundwork and specifications for implementing an Information Security Management System (ISMS).

Similar to a SOC 2 report, your business will likely need to achieve compliance with ISO 27001 if it operates outside the US and stores sensitive information. We recommend that businesses pursue an ISO 27001 certification for regulatory reasons primarily. Our customers also come to us when a lack of certification impacts reputation or when pursuing international deals.

The cost of an ISO 27001 certification is variable. Unlike SOC 2, ISO 27001 is highly regulated and customized to the company. Cost can be impacted by various factors such as the number of employees, nature of the sensitive data an organization ingests and number of cloud based systems it’s hosted on. We recommend starting your compliance journey early, so your company can avoid the accrued costs associated with delaying ISO 27001 compliance.

Certification is broken down into different stages; Stage 1 is normally a few days of presenting the policies and procedures to the auditor at a high level. Stage 2 occurs normally a few weeks after Stage 1 is completed when the auditor will dive into the detailed evidence to verify that the policies and procedures are being followed and comply with the ISO 27001 standard.

The two frameworks are fairly similar–and require many of the same types of controls, data governance, and continuous assessment to remain compliant such as gap analysis and risk assessment. A general timeline comparison looks like this:

  • Design and implementation:
    • SOC 2: 3 months
    • ISO 27001: 6 months
  • Audit:
    • SOC 2: 6-12 weeks, annually
    • ISO 27001: internal, 3-6 weeks annually. External, 6-12 weeks every other year.

Getting ISO 27001 certified is a lengthy and complex process to implement. It’s easy to get lost in the weeds when you’re juggling control design, trying to establish the gaps in your current security posture, and scheduling your internal and external audits. ISO 27001 software, like Thoropass, can help greatly reduce the amount of time and resources required to achieve ISO 27001 compliance.

 ISO 27001 certification specifically requires renewal every three years, involving ongoing compliance reviews, new control developments, and continuous internal and external security audits. Additionally, organizations must ensure regular employee training and management reviews of internal audits to demonstrate continual improvement.

 According to the ANSI National Accreditation Board, ANAB, there are only 21 firms in the United States that can provide businesses with an official certification. ANAB is the largest accreditation body in the western hemisphere that assesses and accredits different auditors against information security standards like ISO 27001. Thoropass is the only ISO 27001 software that provides both internal and external audits within one unified platform.

Using ISO 27001 software like Thoropass offers several benefits:

  • Streamlined compliance management from within one centralized location
  • Enhanced efficiency including capabilities like unified controls and multi-framework audits
  • Improved security posture allowing you to accelerate trust building and business growth
  • Simplified compliance and audit process with the OrO Way
  • Ability to scale your compliance program efficiently and effectively as you grow
  • Continuous maintenance and improvement with automated alerts and consolidated communication