WF ISMS — information security management that actually gets things done
A complete ISMS for ISO 27001, NIS2, GDPR and DORA in one place. Built-in AI and quantitative risk analysis with Monte Carlo give leadership numbers in SEK — not colours. From 2,995 SEK/month with 30 days free trial.
Want a deeper background? Read what an ISMS actually is, the step-by-step ISO 27001 certification guide, the NIS2 requirements for Swedish businesses, or compare WF ISMS against other tools on our ISMS comparison page.
What does WF ISMS cover for compliance?
See your compliance status at a glance. Track implementation progress, open risks, active incidents and audit findings — all in real-time KPIs.
What is included in WF ISMS for full compliance?
Risk Management
Identify, assess and treat IT risks with a complete risk register. Categorize by type, assign risk levels and owners, and map each risk to the relevant framework — ISO 27001, NIS2 or GDPR.
Policies & Documents
Manage all your security policies with version control, approval workflows and framework mapping. Track which policies are approved, under review or need updating.
Security Controls
Pre-mapped controls for ISO 27001 Annex A, GDPR and NIS2. Track implementation status, assign responsible owners and monitor compliance progress across all frameworks simultaneously.
Incident Management
Report, investigate and resolve security incidents with full traceability. Track severity, status and resolution across your organization. From phishing attacks to data breaches — everything documented.
Asset Register & Suppliers
Maintain a complete register of IT assets with classification and criticality. Assess supplier risks with DPA tracking and security evaluations. Know exactly what you have and who has access.
Audits & Reviews
Plan and track internal audits, external reviews and certification audits. Map each audit to the relevant framework and follow up findings with structured action plans.
Reports & Compliance Status
Generate compliance reports for ISO 27001, NIS2 and GDPR with one click. Export as PDF or send via email. Management review dashboards give leadership the complete picture.
Training & Notifications
Track staff security training — awareness, compliance, technical and onboarding. Get real-time notifications for open risks, critical incidents and upcoming deadlines so nothing falls through the cracks.
Monte Carlo simulation built in — risk in SEK, not colours
WF ISMS is one of few ISMS platforms with built-in Monte Carlo simulation — the same method used by insurers, banks and the NIST FAIR model. Run thousands of simulations and report risk to leadership in real numbers.
Annual loss in SEK
Annual Loss Exposure (ALE) per risk and total portfolio in SEK — comparable across businesses and reporting cycles.
P50 / P95 / P99
See the "normal year" vs the "1-in-20 year" vs the tail risk. Percentile-based reporting that leadership can act on.
Loss Exceedance Curve
The probability that losses exceed each given level — board-ready visualisation of tail exposure.
Top-N Pareto analysis
Which 20% of risks account for 80% of exposure? Focus mitigation where it actually matters.
Treatment ROI
When is a security investment worth it? Return on investment and payback time calculated automatically.
Rust-based engine
A custom Rust simulation engine returns blazing-fast results — typically under one second even for large portfolios.
Hybrid mode lets you keep qualitative analysis (5×5 matrix, high/medium/low) for the broad screen of all 50+ risks, and quantitative analysis (SLE, ARO, ALE in SEK) for the 10 most important.
AI that accelerates reporting — in Swedish
Built-in AI helps you draft the documents that take the most time: audit readiness reports, risk treatment plans, control gap analyses and management overviews. The AI interprets your actual risk data and suggests sharp wording — you edit, approve and export.
- Audit readiness report — are we ready for certification?
- Risk treatment plan (ISO 27001 §6.1.3)
- Control gap analysis across all frameworks
- Management overview and Board Pack
- NIS2 Compliance Snapshot
- Custom prompts per organisation (Enterprise)
Built for organisations that take responsibility seriously
Approval workflows
Approval workflows for policies, BCP plans and security analyses with named reviewers and full traceability.
Tasks linked to evidence
Tasks and assignments linked to risks, controls and audit findings. Everyone knows what to do and when.
Complete audit log
Full audit log — who changed what, when and from where. Mandatory for ISO 27001 and NIS2 reporting.
Continuity planning (BCP/DRP)
BCP and DRP with RTO/RPO, test schedules and contact lists — directly tied to ISO 22301 and DORA requirements.
Swedish Protective Security Act
Built-in support for organisations under the Swedish Protective Security Act: SSA, SUA, classification and personnel vetting.
Webhooks & API
HMAC-signed webhooks with SSRF protection, REST API and SSO for integration into existing security stacks.
Why is compliance no longer optional in 2026?
With NIS2, GDPR and increasing cyber threats, every organization needs a structured approach to information security. An ISMS gives you control, traceability and a clearer basis for compliance work.
Regulatory compliance
Meet the requirements of ISO 27001, NIS2, GDPR and SOC 2 with pre-mapped controls and structured processes. Demonstrate compliance to auditors, customers and partners.
Reduce risk proactively
Identify and treat risks before they become incidents. A structured risk register with owners and action plans gives your leadership team full visibility and control.
Win customer trust
More and more customers require their suppliers to demonstrate information security. An ISMS shows that you take security seriously and gives you a competitive advantage in procurement.
Continuous improvement
An ISMS is not a one-time project. With built-in audit tracking, management reviews and KPI dashboards, your security work improves systematically over time.
How is your compliance data protected and kept private?
WF ISMS is built with security at its core. All data is encrypted at rest and in transit. The platform runs on our own servers in our own facilities in Stockholm — no third-party cloud, no external access.
- AES-256 encryption at rest and in transit
- Swedish servers in our own facilities
- No third-party cloud or external access
- Role-based access control
- Complete audit log for all actions
- GDPR compliant by design
Get started in under 15 minutes
From registration to audit-ready report — in four easy steps.
Create account
Register your organization. No installation, no credit card.
Map your organization
Add assets, risks, policies and controls.
Implement controls
Map controls to frameworks, assign owners and upload evidence.
Follow up & report
Generate management reports, SoA and audit evidence as PDF.
Choose the right plan for your organization
All plans include a 30-day free trial. No credit card required to get started.
Starter
For small organisations and consultants who need a structured document repository.
- ✓ Risks, policies, controls, incidents
- ✓ GDPR Art. 30 records
- ✓ Encrypted file attachments
- ✓ Up to 5 users, 200 MB storage
Professional
Complete ISMS for mid-sized companies heading for certification.
- ✓ Everything in Starter
- ✓ Assets, suppliers, audits, training, tasks
- ✓ Business continuity (BCP)
- ✓ Protective security & personnel vetting
- ✓ Approval workflows
- ✓ 12 frameworks in parallel
- ✓ AI report generation
- ✓ Webhooks & REST API
- ✓ Up to 25 users, 2 GB storage
Enterprise
For larger organisations that need quantitative risk analysis, advanced AI and unlimited scale.
- ✓ Everything in Professional
- ✓ Monte Carlo with PERT/Lognormal/Beta
- ✓ Advanced AI incl. Board Pack & NIS2 Snapshot
- ✓ Custom prompts per organisation
- ✓ Unlimited users and storage
- ✓ White-label
Need custom configuration? For banks, public authorities and critical infrastructure we offer dedicated implementation, integration and services — contact us for a quote.
Verified for Swedish operations and data storage
Webbfabriken is a verified member of Based in Sweden — a quality mark initiated by Bahnhof, one of Sweden's largest and most trusted internet operators. The mark is reserved for Swedish cloud providers with operations and data storage in Sweden. For you, this means clearer jurisdiction, a shorter delivery chain and an external guarantee that systems and information are actually handled in Sweden.
External quality mark — verified by Bahnhof — for companies that want to know where their data resides, who runs the systems and which regulatory framework applies from the outset.
Are you affected by the NIS2 directive in Sweden?
The EU NIS2 directive introduces new cybersecurity requirements for many organizations. If you operate in critical sectors or provide essential services, you likely need to comply. WF ISMS helps you map requirements, implement controls and demonstrate compliance.
Ready to take control of your compliance?
Contact us to book a demo of WF ISMS and see how we can help your organization.
Frequently asked questions about WF ISMS
What is the difference between ISO 27001 and NIS2?
How does WF ISMS help me get certified?
Can I use WF ISMS for GDPR compliance?
How much does an ISMS tool cost?
How secure is the platform itself?
Which frameworks are supported beyond ISO 27001?
What is quantitative risk analysis and Monte Carlo?
Describe what you want to secure or investigate
We help you choose the right protection level, right product or the right next security step.