Internal preview · gapledger.com

ISO 27001:2022 · flat-priced

ISO 27001, without the enterprise price tag.

GapLedger runs your whole ISMS — risk, controls, Statement of Applicability, audits, reviews — in plain English, and emails you before anything lapses. One flat price. Unlimited users. No forced integrations.

$500/mo flat · unlimited users · cancel anytime

ISMS readinessSoA 68% complete

ISMS Management

71%

Organizational (A.5)

84%

Technological (A.8)

46%

Reminder · from GapLedger
“Your annual access-rights review (A.5.18) is due in 5 days.”

We keep you on track

Learning ISO 27001 is the hard part. So we lead you through it.

Guided setup, plain-English control guidance, and a running “what needs your attention” list mean you always know the next move. Risk reviews, access reviews, audits, and management reviews become reminders — certification you keep, not a yearly scramble.

Risk assessment review12d overdue
Access rights reviewdue in 5d
Internal auditon track

The product

A real ISMS, not a spreadsheet.

Documentation-first. No agents to install, no integrations required — just a clear, defensible information security management system you can actually maintain.

Plain-English controls

Every ISO 27001 control — all 93 Annex A plus the clause 4–10 management requirements — with a plain-language title and guidance. No security degree required.

Risk → Statement of Applicability

A built-in risk register (qualitative or ISO 27005 depth) that justifies your controls and generates the SoA an auditor actually asks for.

The whole management system

Nonconformities & corrective actions, internal audits, and management reviews — the ISMS backbone, not just a control checklist.

One-click audit pack

Export SoA, risk register, CAPA log, audit history, and evidence index in a single PDF the morning your auditor arrives.

We nudge you before it lapses

Drills, reviews, and due dates become reminders. The dashboard tells you exactly what to do next — staying certified is the hard part, so we lead you through it.

Multi-scope & multi-framework

Run one org-wide ISMS or many (sites, subsidiaries, product lines). Map a control once, get credit across every framework it satisfies.

Pricing

One flat price. Everyone included.

No per-employee tax, no “book a demo to see the price,” no renewal surprises.

Core

$500/mo

or $5,400/yr — two months free

  • ✓ Full ISO 27001:2022 (111 controls)
  • ✓ Unlimited users
  • ✓ Risk register + SoA + audits + reviews
  • ✓ One-click audit pack
  • ✓ Cancel anytime
Start free

Practice

For consultants & MSPs

One console, every client ISMS — flat, not a per-client toll booth.

  • ✓ Unlimited client organizations
  • ✓ White-labeled audit-ready reports
  • ✓ Add-on framework modules (SOC 2, 27701, 22301)
Talk to us

Built to be trusted

We run our own controls against ourselves.

Enforced multi-factor auth · strict tenant isolation · write-once evidence + append-only audit trail · encryption at rest · least-privilege throughout.