ISO 27001 ISMS for Microsoft 365

Your M365 tenant is already generating ISO 27001 evidence.

Certaria maps your M365 configuration to ISO 27001 controls; your Microsoft Teams workflow guides the work, with an optional AI Agent. No consultant required.

  • Read-only scan: your data stays in your tenant
  • Annex A mapped from live M365 configuration
  • Built on Microsoft Power Platform

Talastron built Certaria for real ISO 27001 workloads on Microsoft 365.

What you already have

You're not starting from zero.

Your Microsoft 365 tenant already produces security evidence that counts toward ISO 27001.

Device management

Intune policies controlling which devices access company data. That is evidence for asset management and endpoint security controls.

Access control

Conditional Access policies deciding who signs in and from where. That is evidence for access controls and identity management.

Data protection

Sensitivity labels on documents and emails. That is evidence for information classification and data handling controls.

How Certaria works

Certaria reads it, maps it, guides you.

Your M365 security configuration maps to ISO 27001 controls. Certaria maps it automatically.

Access & Identity

Conditional Access is already ISO 27001 evidence.

Your policies controlling who signs in, from where, and on which devices map directly to Annex A access control requirements. Certaria reads this automatically.

Access Control Scan: 4 found

  • MFA enforced for all users
  • Sign-in risk policy active
  • Device compliance required
  • Legacy auth blocked

Gap-Closing Tasks

  • Create Information Security Policy: Ready
  • Enable audit log retention (90d): Ready
  • Document asset inventory process: Pending
  • Set up sensitivity labels: Pending

Guided Implementation

AI tells you exactly what to do next.

Certaria generates prioritised tasks based on your scan results. Each task maps to a specific ISO 27001 control. No guesswork: the workflow walks you through each task in Microsoft Teams, with the optional Certaria AI Agent for conversational interpretation when you enable Copilot Credits.

AI Compliance Agent

Ask your ISMS anything, in Teams.

A Copilot agent that understands ISO 27001 and your specific implementation. Ask about controls, get policy guidance, check your progress. All inside Microsoft Teams.

Certaria Agent

What do I need for Annex A.8 access control?

Based on your scan, you already have 3 of 5 controls evidenced. You still need:

  • Access review schedule
  • Privileged access policy

Pricing

£3,990/year. Not £15,000-40,000.

Complete ISO 27001 software. Microsoft Teams workflow from Day 1; optional AI Agent via Copilot Credits.

RECOMMENDED

Certaria Standard

£3,990/year

Complete ISO 27001 software with AI agent

Typical consultant

£25k

Year 1, then £5-10k ongoing

40-80 hours of your time

How it works

Three steps. AI-guided every step of the way.

From first scan to certification, you stay in control.

What's included

Everything you need. Nothing you don't.

A complete ISMS on the platform you already pay for.

Core Feature

Readiness Scan

Automated M365 configuration analysis mapping to all 14 Annex A control categories. Five minutes, read-only. Initial plus monthly recurring.

Coverage by category: 6/14 detected

AI Compliance Agent

In-Teams Copilot agent for ISO 27001 guidance in the context of your ISMS.

What controls am I missing?

You need 2 more: access review and privileged access.

Policy Templates

Pre-built policies deployed to SharePoint. Editable, auditor-ready.

Task Generation

Automated gap-closing tasks prioritised by impact across your team.

Evidence & Progress

Graph API collects M365 evidence automatically. Real-time dashboard tracks coverage with exportable reports.

Our story

Built by a team certifying themselves with it.

Talastron built Certaria to solve our own ISO 27001 challenge. Same constraints: small team, tight deadlines, the need to certify without putting the business on hold.

We built an AI compliance agent in Microsoft Teams to do the work, and we're using Certaria to pursue our own certification. Not as a demo. As our actual ISMS.

The scars are in the product.

Talastron Ltd
Microsoft professional certifications

Azure, Data, AI, and Power Platform

Cyber Essentials Certified

UK Government-backed baseline

ISO 27001

Pursuing with Certaria. Target: Nov 2026.

In progress

See where you stand.

Run the free readiness scan to see how much of ISO 27001 your Microsoft 365 tenant already covers. Five minutes, read-only, and nothing leaves your environment.

Your Scan Result: Complete

  • Access Control: 72%
  • Asset Management: 58%
  • Cryptography: 40%
  • Physical Security: 25%
  • Operations Security: 65%
  • Communications: 80%

37% coverage

Ready to close the gaps