Welcome to Standardise
An overview of the platform, what ISO 27001 is, and what you can achieve with Standardise.
What is Standardise?
Standardise is an information security management system (ISMS) platform purpose-built for Australian organisations pursuing ISO 27001:2022 certification. It brings together everything you need to build, operate, and continuously improve your ISMS — from risk assessments and policy management to audit trails and compliance tracking — in a single, secure workspace.
Whether you are a startup preparing for your first certification or an established business maintaining an existing ISMS, Standardise provides the structure and tooling to make the process manageable and repeatable.
What is ISO 27001?
ISO/IEC 27001:2022 is the international standard for information security management. It defines requirements for establishing, implementing, maintaining, and continually improving an ISMS. The standard is structured around:
- Clauses 4 to 10 — the management system requirements covering context, leadership, planning, support, operation, performance evaluation, and improvement.
- Annex A — 93 reference controls across four themes: Organisational, People, Physical, and Technological.
Certification demonstrates to customers, partners, and regulators that your organisation takes information security seriously and has a systematic approach to managing risk.
The Eight ISMS Modules
Standardise organises your ISMS work into eight integrated modules:
- Statement of Applicability (SoA) — Map all 93 Annex A controls to your organisation, declare applicability, and track implementation status.
- Risk Register — Identify, assess, and treat information security risks using a likelihood-by-consequence scoring matrix.
- Documents — Create policies, procedures, and records from 27 ISO 27001 templates with a rich text editor and version control.
- Evidence — Collect and store audit evidence with file uploads, checksums, and encryption at rest.
- Audits — Plan and execute internal audits, track findings, and monitor corrective actions.
- Incidents — Record security incidents, manage response workflows, and meet Notifiable Data Breach (NDB) reporting deadlines.
- Assets — Maintain an asset register with classification, ownership, and lifecycle tracking.
- AU Compliance — Track Australian-specific obligations including the Privacy Act APPs, Essential Eight maturity, NDB register, and IRAP readiness.
Security by Design
Standardise practises what it preaches. Your data is protected with:
- AES-256-GCM envelope encryption — every tenant has its own encryption keys, with sensitive fields encrypted at the application layer before reaching the database.
- Australian data residency — all infrastructure runs in AWS ap-southeast-2 (Sydney), satisfying Privacy Act APP 8 requirements.
- Role-based access control — five granular roles (Owner, Admin, Manager, Editor, Viewer) with over 50 permissions enforced on every action.
- Immutable audit logs — every mutation is recorded with IP address, user agent, and timestamp for full traceability.
What You Can Achieve
By using Standardise, your organisation can:
- Reduce the time and cost of preparing for an ISO 27001 certification audit.
- Centralise all ISMS artefacts — policies, risk assessments, evidence, and audit reports — in one place.
- Maintain continuous compliance rather than scrambling before annual surveillance audits.
- Demonstrate due diligence to customers, partners, and regulators with a comprehensive, auditable trail.
- Meet Australian regulatory obligations (Privacy Act, NDB scheme, Essential Eight) alongside international standards.