Information Security as a Service

The Logical Solution to ISO 27001 & ISO 27018 Success

Why Use InfoSaaS Information Security Managment Security Software?

  • A secure cloud-based IT risk management solution, with cost-effective subscription options.
  • Perfect for organisations of all sizes, from Start-Up to Enterprise.
  • A proven methodology that has helped achieve ISO27001 certifications for over 20 years.
  • Provides practical and intuitive workflows, suitable for all levels of competency.

Informative Management Dashboard

  • At-a-glance status of your Information Security Management System.
  • Customise how InfoSaaS functions with self-defined risk thresholds and operational parameters.
  • Options to escalate or re-assign ISMS tasks.
  • Manage individual asset information and user functions.

Undertake Effective Risk Management

  • A library of prepared risk assessment templates with common threats and suggested controls.
  • Options to create bespoke risk assessment templates to meet your organisation's unique requirements.
  • Progress risk treatment activities for unacceptable risks identified within assessments.
  • Automatic population of the Statement of Applicability to record implemented controls.
  • Additionally includes cloud-based data vulnerabilities, threats and applicable controls - aligns with ISO27018

Information Security Management System Features

  • Calendar management: view forthcoming tasks and escalate overdue actions.
  • Security incident reporting module, for prompt logging, investigation and closure of incidents.
  • Integrated document management suite, including identification, ownership, reviews and approvals.
  • Informative manual, enabling easy user adoption and maximum benefit realisation from InfoSaaS.
Take a Test Drive
InfoSaaS Dashboard

The InfoSaaS dashboard provides, at a glance, key management information about the status and performance of an information security management system. It combines important metrics about assets, risk assessments, security incidents and documentation status to provide system-wide visibility of an organisation's information security health.

InfoSaaS Dashboard Screenshot
Take a Test Drive
InfoSaaS System Parameters
InfoSaaS System Parameters Screenshot

InfoSaaS is fully configurable so that it operates in accordance with an organisation's specific information security needs. Amongst a number of user-defined system parameters are a range of acceptable risk metrics, default review periods for asset risk assessments and documentation, options for recording supporting evidence against security controls and workflow management for authorising security-related documentation.

Take a Test Drive
Asset Management

Assets can be created (and subsequently assessed) using one of the generic templates provided within InfoSaaS, or using a customised asset template created by the user. The status of assets, including their type, ownership and the date of their last risk assessment can be clearly seen from the searchable Asset Dashboard.

InfoSaaS Asset Dashboard Screenshot
Take a Test Drive
Risk Assessments
InfoSaaS Risk Assessment Screenshot

Each asset is subject to a detailed risk assessment. This requires the asset owner to determine the probability of a range of vulnerabilities being exploited by applicable threats, and assesses the likely impact on the asset if they were actually exploited. They then progress to select and record the security controls which are in place to support their assessments, after which InfoSaaS calculates whether the risks are acceptable to the organisation.

Take a Test Drive
Statement of Applicability

The ISO27001 information security standard requires that the selection and use of security controls to protect assets is recorded in a "Statement of Applicability". Traditionally this is an extensive and time consuming manual activity, InfoSaaS has been designed to prepare and update this key document automatically each time an individual risk assessment is completed.

InfoSaaS Statement of Applicability Screenshot
Take a Test Drive
Asset Dependencies
InfoSaaS Dependency Screenshot

The InfoSaaS methodology recognises that assets may rely upon other assets for their overall security: InfoSaaS users are encouraged to identify and record "parent" and "child" relationships. These can be seen within the asset dependencies chart, and provides a useful and timely messaging service advising upstream and downstream asset owners of notifications of expired risk assessments, security incidents etc.

Take a Test Drive
Security Incidents

Should an asset within InfoSaaS be identified as having been compromised in some way, or even a potential breach is suspected, it is important that this is recorded promptly, so that the appropriate asset owner(s) can investigate and take remedial action without delay, InfoSaaS includes an integrated security incident module which manages and tracks the progress of security incidents from initial reporting, through investigation and remedial actions to final closure.

InfoSaaS Security Incidents Screenshot
Take a Test Drive
Information Security Management System (ISMS) Calendar
InfoSaaS Calendar Screenshot

Many activities within an information security management system are time dependent, so the InfoSaaS calendar keeps track of forthcoming and completed risk assessment activities, security incidents and document management tasks. Additionally, users can add their own "ISMS Events" which may include security training sessions, internal and external audit activities, management reviews etc, so that important activities are never overlooked.

Take a Test Drive
Document Management

InfoSaaS incorporates a document management module, which allows organisations to upload and manage their own documentation, or alternatively record hyperlinks to their documentation if hosted elsewhere. The system allows for various documentation approval workflows, and integration with the InfoSaaS calendar means that future document reviews are visible well in advance of the required review date.

InfoSaaS Document Management Screenshot

Test Drive InfoSaaS

Test Drive Our Demo System Today

The best way to see how InfoSaaS can help your organisation to efficiently manage its Information Security Management System is to use our demonstration environment, pre-populated with a selection of test data, free of charge and without any obligation. Simply complete the form, and you will be sent login details and your access code via SMS within a matter of minutes. Please ensure you provide a valid mobile number.

We trust that you will find InfoSaaS to be a valuable tool, and that you will want to start using live software in your organisation as soon as possible. You can sign-up for a standard subscription quickly and easily, from only £50 per user per month. Please contact us if you would like to discuss other subscription options.

Thank you for registering for access to our demo.
Please check your email and mobile phone for more details.

Didn't receive an SMS message? Check that is the correct number and click to send again.



  • For Individuals
  • Up To 15 Users
  • No Up Front Costs
  • No Minimum Contract
  • Cloud Based Access Anywhere
  • Premium Support

per user/per month
or £500 per user/per year
Sign Up

Small Teams

  • For Small Teams
  • 15 Users Included
  • No Up Front Costs
  • No Minimum Contract
  • Cloud Based Access Anywhere
  • Premium Support

per month
or £3490 per year
Sign Up


  • Businesses of All Sizes
  • 50 Users Included
  • No Up Front Costs
  • No Minimum Contract
  • Premium Support
  • On Premise Deployment Option
  • Up To 1500 Users
per month
or £7490 per year
Additional 50 User Packs £499 per month or £4990 per year
Sign Up


  • For 1500+ Users
  • Unlimited Users Included
  • No Up Front Costs
  • No Minimum Contract
  • Premium Support
  • On Premise Deployment Option

Take a Test Drive

Who Are InfoSaaS?

InfoSaaS, powered by Ctrl O, is a collaborative solution to the implementation and management of ISO27001 systems. Using a proven methodology which has provided numerous successful certifications over 20 years, InfoSaaS has been securely designed using open technology to give maximum reliability, flexibility and scalability - whilst also allowing for a cost effective monthly subscription model for our users around the world. Combined with our experience and passion for this important subject, InfoSaaS is the perfect resource for delivering your information security certification goals. Start your free trial of InfoSaaS today.

UKAS Logo CtrlO Logo LRQA Logo

Take a Test Drive

Frequently Asked Questions

A: Almost every organisation has numerous reasons to be concerned about the security of their valuable data. Every week we see high profile news articles about lost laptop computers, sensitive documents being found on a train, compromised credit card details or newly discovered software vulnerabilities. Actively taking control of your information, by fully understanding relevant vulnerabilities and threats and implementing appropriate security controls, is an essential activity for every organisation, regardless of its size or purpose.
A: Many organisations choose to develop an Information Security Management System, and then seek to have its effectiveness validated against the international standard ISO27001. The InfoSaaS methodology has been successfully used by many organisations as a basis for their own certifications. Whilst this is not a compulsory activity, the assurance and credibility provided by a formal ISO27001 certificate provides clear differentiation in a competitive marketplace, as well as re-assuring your customers that their data is being entrusted to a responsible supplier.
A: InfoSaaS is offered as a secure, cloud-based solution, with no on-premise hardware or software requirements. Cloud services provide a number of financial and operational benefits, which include lower running cost models (no capex requirements), the highest possible levels of security, responsive scalability to meet your needs, and a lower total cost of ownership. Cloud services can be conveniently and securely accessed by users anywhere in the world with an internet connection, on a wide variety of devices (desktops, tablets, smart-phones etc.)
A: The methodology which sits behind InfoSaaS has been successfully deployed to deliver ISO27001 certifications to dozens of organisations over the last 20 years, including certifications from multiple UKAS accredited audit bodies. Whilst some of our customers like to keep their information security arrangements confidential, we have a range of customer references which endorse our work.
A: InfoSaaS is provided with a comprehensive on-line manual, which clearly explains the various modules within the software and how they should be used. The software also contains a number of “tip buttons” which provides focussed and relevant information from within InfoSaaS itself to help users complete specific tasks.
A: We have partnered with a number of credible information security consultants, each of whom has a detailed understanding of InfoSaaS and has completed successful implementation and certifications. If you need additional help in deploying or using InfoSaaS, or in the provision of training for users, please see the Consultants' section within InfoSaaS.
A: InfoSaaS customers’ data is segregated into separated environments, which are only accessible to the customer’s own authorised users. Our cloud infrastructure is securely hosted within accredited data centre environments, the ongoing adherence to security controls of each are regularly assessed within our own ISO27001 risk assessments. Our systems are securely backed up to geographically diverse locations, such that in the extremely unlikely event of one of our data centre locations being rendered unavailable, customers can continue to access InfoSaaS without disruption.
A: By default, we use our two UK data centre locations, and the service is supported within the UK in line with the UK Data Protection Act 1998. However, we have access to a network of secure data centres across the world (each of which maintains its own ISO27001 certification): if data sovereignty is an important consideration for your organisation, we will normally be able to provide InfoSaaS from within your own national boundaries.
A: Best practice is for a customer to login to InfoSaaS and delete their own data before terminating their use of the service. Regardless of whether a customer has undertaken this task or not, InfoSaaS will securely and permanently delete the data files of our customers when they are no longer needed. Once this deletion has taken place, we have absolutely no means of recovering former customer data at any point in the future.
A: Additional users can be created as and when needed from within InfoSaaS. Please be aware, however, that the creation of a user will automatically increase the monthly amount within your billing cycle. It is important that users who no longer use InfoSaaS are promptly removed from the system to avoid their accounts from being billed in the future.
A: Yes – in the first instance please contact to check whether we are (or are planning to) produce InfoSaaS in your chosen language. The modular nature of our solutions means that it can easily be translated into any language within a relatively short timeframe, and billing can also be offered in local currencies in most cases. If you are from a country that is not currently on our roadmap, we may work with you to achieve the result you seek.
A: As information security continues to evolve, we are seeing a resultant increase in certifications, schemes and approaches to help safeguard the security of information. As ISO27001 sits at the heart of many such developments, we are already planning to work with specific scheme providers and industry sectors to develop the InfoSaaS methodology to provide support to specific schemes. Our existing subscribers will be advised of such developments as they are undertaken: non-subscribers should follow our Twitter feed (@info_saas) to be kept informed.
Take a Test Drive