ISO 27001:2022 · flat-priced
ISO 27001, without the enterprise price tag.
GapLedger runs your whole ISMS — risk, controls, Statement of Applicability, audits, reviews — in plain English, and emails you before anything lapses. One flat price. Unlimited users. No forced integrations.
$500/mo flat · unlimited users · cancel anytime
ISMS Management
Organizational (A.5)
Technological (A.8)
Reminder · from GapLedger
“Your annual access-rights review (A.5.18) is due in 5 days.”
We keep you on track
Learning ISO 27001 is the hard part. So we lead you through it.
Guided setup, plain-English control guidance, and a running “what needs your attention” list mean you always know the next move. Risk reviews, access reviews, audits, and management reviews become reminders — certification you keep, not a yearly scramble.
The product
A real ISMS, not a spreadsheet.
Documentation-first. No agents to install, no integrations required — just a clear, defensible information security management system you can actually maintain.
Plain-English controls
Every ISO 27001 control — all 93 Annex A plus the clause 4–10 management requirements — with a plain-language title and guidance. No security degree required.
Risk → Statement of Applicability
A built-in risk register (qualitative or ISO 27005 depth) that justifies your controls and generates the SoA an auditor actually asks for.
The whole management system
Nonconformities & corrective actions, internal audits, and management reviews — the ISMS backbone, not just a control checklist.
One-click audit pack
Export SoA, risk register, CAPA log, audit history, and evidence index in a single PDF the morning your auditor arrives.
We nudge you before it lapses
Drills, reviews, and due dates become reminders. The dashboard tells you exactly what to do next — staying certified is the hard part, so we lead you through it.
Multi-scope & multi-framework
Run one org-wide ISMS or many (sites, subsidiaries, product lines). Map a control once, get credit across every framework it satisfies.
Pricing
One flat price. Everyone included.
No per-employee tax, no “book a demo to see the price,” no renewal surprises.
Core
$500/mo
or $5,400/yr — two months free
- ✓ Full ISO 27001:2022 (111 controls)
- ✓ Unlimited users
- ✓ Risk register + SoA + audits + reviews
- ✓ One-click audit pack
- ✓ Cancel anytime
Practice
For consultants & MSPs
One console, every client ISMS — flat, not a per-client toll booth.
- ✓ Unlimited client organizations
- ✓ White-labeled audit-ready reports
- ✓ Add-on framework modules (SOC 2, 27701, 22301)
Built to be trusted
We run our own controls against ourselves.
Enforced multi-factor auth · strict tenant isolation · write-once evidence + append-only audit trail · encryption at rest · least-privilege throughout.