The company
We work for the people who pay us. No one else.
Everything on this page follows from that.

Who you're dealing with
A consultant and an engineer.
ISMS Copilot is Tristan, an ISO 27001 consultant who still runs audits, and Alex, the engineer who helped ship the first version in 2023 and still ships today.
There are no investors behind us. No board. No growth target set by someone who has never met a customer. We sell a product, people pay for it, and that pays for everything. It is an old-fashioned way to run a software company. We recommend it.
01
Made by the profession, for the profession.
ISMS Copilot is built for the people who do this work for a living: consultants, CISOs, auditors, compliance leads. And it is built by them. Information security compliance professionals (CISM, ISO 27001 Implementer and Lead Implementer) wrote its DNA.
We did not discover compliance through a market analysis. We do this work. That is why the product speaks your language instead of a generic AI's.
02
Your price is your price.
We have never raised the price on an existing customer. The price you signed up at is the price you keep.
It cuts the other way too. When something we charged extra for stops costing us extra, we remove the charge. When we get more efficient, we keep prices flat instead of taking the margin. Investor-backed companies call this leaving money on the table. We call it the reason customers stay for years.
03
Every message gets an answer. Every problem gets fixed.
Write to support and someone who builds the product reads it. A question gets an answer. A bug gets a debugging session, sometimes a personal one. A reasonable feature request gets built more often than you would expect. Some fixes take four days of real engineering. Then that is what they take.
We will not claim perfection: an email can slip through. But seeing a problem and doing nothing about it is not something we do. Reported problems get solved.
04
We ship every day.
Open the changelog and look at the dates. The product improves daily, not in quarterly announcements. Continuous improvement is the core principle of every management system our customers build. Running our own company any other way would be absurd.
05
We are our own hardest customer.
ISMS Copilot is used to build and secure ISMS Copilot. Every pull request we merge is reviewed by HeyGRC, our own compliance reviewer, so shipping fast never drifts from our own ISMS. Independent penetration testers have attacked the product we ask you to trust.
We sell compliance software. Running our own company on it is the minimum you should demand of anyone in this market.
