Product · ISO 27001
One framework, every jurisdiction. ISO 27001 made fast.
What European and APAC enterprises ask for when they want a single standard that travels. Veylan generates your Statement of Applicability, runs your risk register, and maps every Annex A control to the configuration in your cloud.
What you ship.
Statement of Applicability (SoA)
Auto-drafted from your stack and scope. Justifications baked in for inclusions and exclusions.
Risk register
Likelihood × impact scoring, treatment plans, owner assignment. Re-assessed continuously, not annually.
Annex A control mapping
All 93 controls in the 2022 revision. Mapped to what your AWS/GCP/Azure actually does — not a wishlist.
Management review cycle
Quarterly review packs generated automatically. Bring them to your management meeting; we keep the receipts.
Internal audit module
Schedule, scope, evidence collection, finding tracking. Your internal audit, automated.
Stage 1 + Stage 2 audit prep
Auditor portal with read-only access, evidence index, and a chase-down workflow for outstanding requests.
Common questions.
- Which version: 2013 or 2022?
- 2022 (with the 2024 amendment). All new certifications use the current standard; we'll help migrate if you're on 2013.
- How long to certification?
- Typically 3–6 months end-to-end (readiness + Stage 1 + Stage 2). Faster if your control posture is already strong.
- Do you do the audit?
- No. ISO 27001 certificates come from accredited certification bodies (TÜV, BSI, DNV, etc.). We're your readiness platform; they certify.
- Can I bundle with SOC 2 and GDPR?
- Yes — controls overlap significantly. Growth and Scale tiers cover all three with deduplicated evidence.