Standardise
PricingSupportSign inGet started

Document Management

Create, version, and approve ISMS documents using 27 ISO 27001 templates, a WYSIWYG editor, and structured approval workflows.

Overview

ISO 27001 requires extensive documented information — policies, procedures, records, and reports. The Document Management module in Standardise provides a structured system for creating, editing, versioning, and approving all ISMS documentation. It ships with 27 production-quality templates covering all 8 ISMS modules, so you can start building your documentation library immediately rather than writing from scratch.

Template-First Creation

Document creation follows a two-step process:

  1. Select a template— Choose from 27 ISO 27001 templates, grouped by module (Policies, Risks, Evidence, Audits, Incidents, Assets, Compliance, General). Each template contains pre-written content with placeholder variables that are automatically resolved with your organisation's details.
  2. Configure the document — Set the title, assign an owner, and choose a review date. The module is automatically set based on the template selected.

Templates come in two types:

  • Singleton — One per organisation (e.g. Information Security Policy). Once created, the template is greyed out in the picker to prevent duplicates.
  • Multi-instance — Unlimited copies (e.g. Audit Reports, Meeting Minutes). Create as many as needed.

Version Control

Every document maintains a full version history. When you edit a document, the changes are saved as a new version rather than overwriting the existing content. This ensures a complete audit trail of all changes, which is essential for demonstrating compliance to auditors. Each version records who made the change and when.

You can view any previous version from the Versions tab on the document detail page. Only the latest version can be edited.

Status State Machine

Documents follow a structured lifecycle with enforced transitions:

  • Draft — Initial state. The document is being written or revised.
  • In Review — Submitted for approval. Reviewers can comment and request changes.
  • Approved — Formally approved and in effect. This is the active version of the document.
  • Superseded — Replaced by a newer approved version. Retained for historical reference.
  • Archived — No longer in use. Preserved for audit trail and historical record.

Transitions are enforced — you cannot skip steps (for example, a document cannot move directly from Draft to Archived). This ensures proper governance over all documented information.

Rich Text Editor

Documents are edited using a WYSIWYG (What You See Is What You Get) rich text editor powered by Tiptap. The editor supports headings, bold, italic, underline, strikethrough, code blocks, bullet and numbered lists, blockquotes, horizontal rules, and tables. Content is stored as HTML, and the toolbar is only displayed when editing.

ISO 27001 Mapping

Document Management addresses Clause 7.5 of ISO 27001:2022 (Documented Information), which requires the ISMS to include documented information required by the standard and determined by the organisation as necessary for the effectiveness of the ISMS. Clause 7.5.2 covers creating and updating, while Clause 7.5.3 covers control of documented information — including distribution, access, retrieval, storage, preservation, and disposition. The version control and approval workflow in Standardise directly implement these requirements.

Related Articles

ISO 27001 Guide
Clause 7: Support
Resources, competence, awareness, communication, and documented information requirements for your ISMS.
ISMS Modules
Internal Audits
Plan and conduct internal ISMS audits, track findings, manage corrective actions, and demonstrate continual improvement.
ISMS Modules
Evidence Collection
Upload, track, and manage audit evidence with file integrity checks, encrypted storage, and control mapping for ISO 27001 compliance.
← Back to Help Center