Skip to content

ISO/IEC 27001:2022 and ISO/IEC 42001:2023

Your ISO document set,
written for your business
in an afternoon.

A template pack hands you 37 blank Word files and wishes you luck. An AI chatbot invents controls you never bought. PolicyMint knows the standards, knows which documents you actually need, and asks you in plain English when it needs something it cannot know.

No credit card. Your first documents are on us.

Northwind Logistics

Information Security Policy

Internal
Mapped controls A.5.1 A.5.9 A.8.2

3. Policy requirements

Needs input

Who approves exceptions to this policy? We have suggested the IT Manager based on your roles.

Verified by 3 independent checks

94%

The two things you would otherwise do

Buy a template pack, or argue with a chatbot

Both get you a pile of words. Neither gets you a document set an auditor will accept, and neither tells you when it is wrong.

Tells you which documents you actually need

No

You get everything, applicable or not

No

It does not know your scope

Yes

Every document tiered required, required-if-applicable, or optional, with your progress tracked

Has actually read the standard

Partly

It was written from one, once

No

It recalls the shape of it and fills the rest in

Yes

Drafting is grounded in the licensed clause text for the exact clauses your document maps to

Writes it for your business, not a placeholder

No

[INSERT COMPANY NAME], 40 times

Partly

Only as well as you can describe yourself, every time

Yes

Built from your company profile, and it asks in plain English when it needs something it cannot know

Keeps documents consistent with each other

No

You reconcile 30 documents by hand

No

Fresh context each chat, so it contradicts itself

Yes

Each document is written against what your other documents already committed to

Checks the work before you see it

No

Nothing to check, it is a blank

No

It is confident either way

Yes

Three independent verifiers on a different AI model, plus a repair pass, and you see the marks

Refuses to invent controls you do not have

No

It claims controls generically

No

It will happily describe a SIEM you never bought

Yes

It flags what it does not know instead of guessing, and asks you

Comes out in your branding, ready to issue

No

You format all of it

No

You get raw prose to paste and style

Yes

Your logo and colours, in Word and PDF, identical to what you previewed

How it works

From nothing to a document set, in one sitting

The order matters. Most tools start by asking you to write. PolicyMint starts by working out what you need, so you never write a document you did not have to.

  1. 1. Tell it about your business, once

    Give it your company name and website and it drafts your profile for you: industry, size, locations, the systems you run, the data you hold. Set your logo and brand colours in the same sitting. Everything after this is built from it.

  2. 2. See exactly what you need

    Not a folder of 40 files. A tiered list: what a clause makes mandatory, what becomes mandatory because a control applies to you, and what is genuinely optional. You start knowing the shape of the job.

  3. 3. Answer a few plain-English questions

    No ISO jargon, no request to list your risks. Each question explains why it is being asked, shows examples for a business like yours, and pre-fills the recognised best-practice answer so you can accept it and move on.

  4. 4. It drafts, then marks its own work

    Grounded against the clause text, checked by three verifiers on a different model, repaired where it fell short, and screened so no standard text leaks through. Anything it could not know is flagged rather than invented.

  5. 5. Fill the gaps with the copilot, then export

    Work through the flagged gaps with the copilot explaining each one in plain English. Answer once, and it ripples into every document that needed the same fact. Then export in your branding, in Word or PDF.

ISO 27001 documents

37

ISO 27001 documents

tiered by what you actually need

ISO 42001 documents

22

ISO 42001 documents

for AI management systems

Clauses and controls mapped

182

Clauses and controls mapped

every document cites the ones it satisfies

Verifiers per section

3

Verifiers per section

on a different model to the writer

What it does

Not a chatbot with a nice wrapper

Every claim below is something the product does today. The interesting ones are the things it refuses to do.

Grounding

It has actually read the standard

Most AI writing about ISO is recalling the shape of a standard it saw once. PolicyMint drafts against the licensed clause text for the exact clauses each document maps to, so the requirements in your policy are the requirements in the standard.

  • Drafted against the clauses your document maps to, not a summary of them
  • A deterministic screen strips any verbatim run of standard text before you see it, so you get your document and never a copy of the standard
  • Every export prints the exact clauses and Annex A controls that document satisfies

Coverage

It knows which documents you need

The hardest part of starting ISO is not writing. It is knowing what to write. A template pack hands you everything and lets you work out what applies. PolicyMint tells you.

  • Every document tiered: required by a clause, required if a control applies to you, or genuinely optional
  • Progress tracked against the certifiable set, with what is still missing named
  • A Statement of Applicability assembled across every Annex A control, from what your documents actually cover

Quality

It checks its own work, and shows you the marks

A chatbot is exactly as confident when it is wrong. Every section PolicyMint drafts is put in front of three independent verifiers running on a different AI model from the one that wrote it, because a model is a poor judge of its own output.

  • Three independent verifiers per section, deliberately on a different AI model to the drafter
  • Anything that fails goes back for a repair pass, and the repair is only kept if it is genuinely better
  • You see the verdict, the confidence and the outstanding gaps, rather than being asked to trust it

Review copilot

It asks you instead of making things up

When PolicyMint does not know something about your business, it will not invent a SIEM you never bought. It marks the gap, and then walks you through every mark, one at a time.

  • It explains in plain English what it needs and why it matters, then highlights the exact spot in the document
  • Answer once and it fills the same fact into every other document that needed it
  • It remembers, so the next document never asks you again

Branding

Your brand, ready to issue

Set your logo and colours once. Every document comes out looking like it came from your business, because it did. Preview, Word and PDF render from one shared set of building blocks, so what you approve on screen is what lands in the file.

  • Your logo, primary and secondary colours, with text contrast chosen for legibility rather than left to you
  • Word and PDF, plus a spreadsheet export for registers and the control matrix
  • Diagrams and process flows themed to your brand, not stock clip art

For consultants, MSPs and vCISOs

Run ISO 27001 for every client from one workspace

If you deliver ISO 27001 or ISO 42001 for a book of clients, PolicyMint gives you a multi-client workspace: generate and manage a separate, correctly branded document set for each company you look after, without a second tool or a per-client platform seat.

One login, every client
Switch between clients in a click. No separate accounts to juggle, no second tool, no spreadsheet tracking who has which documents.
Each client in their own brand
Every document carries that client's logo and colours, not yours and not a generic template. White-label by default, per client.
Reuse your expertise, keep clients apart
Your best answers and defaults carry across engagements, while each client's scope, systems and specifics stay theirs alone.
A new client, a full set, one afternoon
Onboard a client and stand up their required ISO 27001 or ISO 42001 documents the same day, on their brand, checked before you hand them over.
Coming soon See how it works

Questions

The ones worth asking

Including the two most people are too polite to ask.

Will this get me certified?

It produces the documentation, not the certificate. A certification body audits your organisation, not your PDFs. What PolicyMint does is remove the part that stalls most small businesses: having a complete, consistent, credible document set to be audited against, written for how you actually operate. Every document carries a fixed disclaimer to that effect, and that disclaimer is never AI-generated.

Is this legal or compliance advice?

No. PolicyMint generates documentation based on the standards and on well-established security practice. It does not replace an advisor, an auditor or a lawyer, and it does not guarantee certification.

How is this different from just asking ChatGPT?

Three things a general chatbot cannot do. It is grounded in the licensed clause text for the exact clauses each document maps to, rather than recalling the standard from memory. It knows the full document set and tells you which ones you actually need. And it checks its own work with three independent verifiers running on a different AI model, then repairs what fails, before you ever see the draft. A chatbot is equally confident whether it is right or wrong.

What happens to the ISO standard text itself?

You never receive it. The licensed text is used internally as ground truth for drafting, and a deterministic screen removes any verbatim run of standard text from a generated document before it is saved, previewed or exported. You get documents written for your business, not a reproduction of a copyrighted standard.

Can I edit what it writes?

All of it, section by section. You can rewrite a section yourself, ask for a scoped change in plain English, or have a section fully redrafted with your notes on what was wrong. Nothing is saved until you accept it.

What if it does not know something about my business?

It says so rather than inventing it. Anything it cannot know is marked in the document, and the review copilot then walks you through each mark, explains in plain English what it needs and why, and fills it in. Answer once and it ripples the same fact into every other document that needed it, and remembers it so you are never asked twice.

I already have some policies. Do I start over?

No. Upload an existing Word or PDF policy and PolicyMint rebuilds it as a compliant, on-brand document informed by what you already had. It is a rebuild rather than a reformat, so the result follows the structure the standard expects instead of preserving whatever your old template did.

I am a consultant or MSP. Can I manage several clients?

Yes. PolicyMint has a multi-client workspace built for consultants, managed service providers and virtual CISOs. From one login you generate and manage a separate document set for each client, in that client's own branding, and switch between them in a click. Your defaults and expertise carry across engagements while each client's scope and specifics stay theirs. It replaces juggling separate accounts, and it costs far less than a per-client GRC platform seat.

Which standards do you cover?

ISO/IEC 27001:2022 for information security and ISO/IEC 42001:2023 for AI management systems, including the Annex A controls and an auto-assembled Statement of Applicability. There is also a set of general cyber security policies for businesses that want the documents without pursuing certification.

Stop staring at an empty document set

Set up your business once. Get the documents you actually need, written for how you really operate, in your branding, checked before you see them.

Coming soon

Your first documents are on us. No credit card, no sales call.