ISO 27001 in 30 days. No consultants.

Documentation and field guides built in real audits and used to pass ISO 27001:2022 and SOC 2 Type I. Copy, adapt, ship, and keep building.

Built by a CTO who has led teams through certification. Auditor-friendly. Founder-practical.

Choose your package →
Epikast
Sorbet
TÜV Nord
Deloitte

Full refund + €1 000 if your auditor finds a fatal gap

Read how the system was built in the field →

Proof, not promises

Redacted ISO 27001 audit letter
ISO 27001 recertification mark
SOC 2 report cover

“As this was Epikast’s first SOC 2 engagement, Angelos’s structured approach and hands-on involvement were key in helping the company complete the process successfully on the first attempt. His detailed understanding of compliance requirements, coupled with proactive communication and a solutions-oriented mindset, facilitated smooth coordination and timely project delivery.” - Maria C. L., Big 4 Risk Advisory Principal

From setback to dual certification in 120 days

See the timeline and what changed →

Why builders choose us

What’s inside the packs

End-to-End Implementation Guide (Waves 0–5)

A practical 30-day, wave-based plan that gets you to audit-ready without consultants. Governance first, then people/assets/vendors, identity & endpoints, build & change, detect/respond/recover, and finally privacy + assurance.

Week 1 (Wave 0): Scope, Top Policy, Risk method, SoA v1, document control, thin audit loop.
Week 2 (Waves 1–2): HR/JML, Asset Register & AUP, Data Classes, Suppliers, MFA & IdP, Devices (MDM), Physical.
Week 3 (Waves 3–4, part): Secure baselines (OS/DB/Cloud), SSDLC gates, Change & Release, start Vuln/Patch, Crypto/Keys.
Week 4 (Waves 4–5): Logging/SIEM, Backups + Restore test, Incident Response tabletop, BCP run, Privacy artifacts, metrics & IA finalize.

See how the guide maps to the pack →

Not just documents — your AI compliance portal

When you buy a pack, you also get access to the Operator Foundry Portal — a privacy-focused LLM that answers questions about your policies, SoA, registers, and guides your team through audit preparation.

Ask

Plain-English questions over your documents.

  • “Where do we cover backups and retention?”
  • “Draft a response for A.8.3 evidence.”
  • “What’s missing for our SoA scope?”

Act

Cited answers and next-step checklists.

  • Inline citations back to your files
  • Step-by-step tasks with owners
  • Evidence reminders you can copy to your tracker

Trust

Built for sensitive documents.

  • Private workspace for your team
  • You control what’s uploaded and shared

12 months included

Unlimited users for your company. Activate after checkout.

What founders say

We went from zero to ISO 27001 certificate in 27 days. The pack saved us at least €25k in consultant fees.

— Tea T., CEO, LindLaw OÜ

Our Big 4 SOC 2 auditors said it was one of the cleanest first-time folders they’d reviewed.

— Vangelis V., Founder, Epikast

The End-to-End Implementation Guide turned a daunting project into a checklist. We closed two enterprise deals that month.

— Chris C., COO, Sorbet Payments OÜ

I’ve bought a lot of templates, none were this applicable to a real company. The evidence tracker alone is worth it.

— Peter T., CIO, DoubleEye Ltd

What you receive

ISO 27001 Core Pack €9 500 value

End-to-End Implementation Guide (Waves 0–5) €1 500

Audit Interview Cheat-Sheet €750

Board-Ready Risk Deck €1 200

Slack Support — 30 days €2 000


Total equivalent value: €14 950

DIY packs from €995

Typical consultant quotes: €30k–€70k for a first pass.

Pricing

ISO 27001 DIY Pack

One-off €995

  • Complete ISO 27001 policy set
  • End-to-End Implementation Guide (Waves 0–5)
  • Audit interview checklist
  • Slack Q&A — 30 days

Contact us to pay via invoice

Money-back + €1 000 fatal-gap guarantee.

SOC 2 DIY Pack

One-off €995

  • SOC 2 policy set
  • End-to-End Implementation Guide (Waves 0–5)
  • Audit interview checklist
  • Slack Q&A — 30 days

Money-back + €1 000 fatal-gap guarantee.

ISO 27001 + SOC 2 Bundle (Best value)

One-off €1 735

  • Both DIY packs
  • Unified risk & evidence tracker
  • Slack Q&A — 60 days
  • Gap-patch guarantee

Save vs buying individually.

Founder Sprint — done-with-you in five days

€4 900 – €6 900

Contact us to pay via invoice

Compliance Quarterback — full execution

€14 600 (60% upfront, 40% on completion)

Contact us to pay via invoice

Multi-Standard Retainer

€2 500 / month (3–6 month term)

À-la-carte add-ons

Service | Price | Ideal when you…
Audit interview rehearsal (60 min) | €650 | You want to refine responses before audit day
Custom board-ready security deck | €950 | You need to brief investors or enterprise customers
Artefact review pack (5 items) | €1 250 | You want an expert check on critical evidence
DORA starter add-on | €850 | You face fintech vendor assessments
AI governance register pack | €990 | You are preparing for EU AI Act duties

Frequently asked

Will auditors accept documentation that started from templates?
Yes. Auditors look for suitability, completeness, and evidence. Our packs give you the structure; your adaptations and records show it operates in your environment.

How long to reach “audit-ready”?
Most small teams follow the End-to-End Implementation Guide over ~30 days. With tight scope and focus, many reach audit-ready in 2–4 weeks.

What if we get stuck during implementation?
Each DIY pack includes Slack Q&A (30 days; 60 days with the bundle). Use it for practical questions while you adapt the docs and build evidence.

How does the guarantee work?
If your auditor issues a written finding that a fatal gap is caused by our documentation, we patch within five business days or refund 100% and pay €1 000.

Ready to secure your pass?

Choose your package →

Current pricing holds until the next release cycle.