ISMS Copilot

ISO 27001 Copilot for freelancers and solo practitioners

Stand up a credible, defensible ISMS as one person without pretending to be a department.

Built for a scope of one

  • Define a defensible one-person ISMS scope without over-engineering it
  • Generate policies proportionate to a solo operation, not a 200-person firm
  • Cover Annex A A.5.19-A.5.22 supplier controls from the provider side
  • Produce the security documentation enterprise clients request before signing
  • Run a lightweight internal audit you can actually complete alone
  • Keep evidence organised so a client security review is answerable fast

Solo-practitioner ISMS toolkit

  • One-person-scope statement and exclusion rationale templates
  • Right-sized policy set mapped to ISO 27001:2022 Annex A
  • Supplier-relationship control guidance (A.5.19-A.5.22)
  • Internal audit checklist designed for a single auditor
  • Risk assessment scaled to a sole-trader threat model
  • Client-facing security summary you can share on request

Running a credible ISMS as a single practitioner

A one-person ISMS is legitimate under ISO 27001 as long as the scope is honest and the controls are real. The trap is either over-building a corporate ISMS you cannot maintain, or under-documenting so the certificate would not survive an audit. The proportionality lever is scope: clearly state that the ISMS covers your services and infrastructure, and justify exclusions instead of hiding them. The controls clients scrutinise most are the supplier ones, A.5.19 to A.5.22, except you are usually the supplier, so you implement them as the party being assessed: information security in supplier agreements, managing security within the relationship, and addressing it across your own subcontractors. ISMS Copilot keeps that documentation coherent so a solo provider can answer an enterprise security questionnaire without inventing a team.

Frequently Asked Questions

Can a single person really hold ISO 27001 certification?

Yes, if the ISMS scope honestly reflects a one-person operation and the controls are genuinely implemented. ISMS Copilot helps you right-size scope and documentation so it survives a certification audit.

Why do clients keep asking about supplier controls?

Because to your client you are the supplier. Annex A controls A.5.19-A.5.22 cover security in supplier relationships, and enterprise buyers want evidence that you apply them, including over any subcontractors you use.

Will the documentation be over-engineered for one person?

No. Outputs are scaled to a sole-trader threat model and scope, so you get a defensible ISMS you can actually maintain alone rather than a corporate template.

Ready to streamline your compliance work?

Built for speed, accuracy, and audit-ready output.