ISO 27001 NIS2 GDPR

The ISMS platform for ISO 27001, NIS2 & GDPR

Compliance for ISO 27001, NIS2 & GDPR — in one powerful platform. Manage risks, policies, controls and incidents with full traceability. From 3,990 SEK/month with 30 days free trial.

Get security help Try WF ISMS
WF ISMS Dashboard
WF ISMS Riskhantering
WF ISMS Compliance

Want a deeper background? Read what an ISMS actually is, the step-by-step ISO 27001 certification guide, the NIS2 requirements for Swedish businesses, or compare WF ISMS against other tools on our ISMS comparison page.

Dashboard

What does WF ISMS cover for compliance?

See your compliance status at a glance. Track implementation progress, open risks, active incidents and audit findings — all in real-time KPIs.

5+Frameworks
20+Built-in Controls
100%Swedish Servers
WF ISMS Dashboard

What is included in WF ISMS for full compliance?

Risk Management

Identify, assess and treat IT risks with a complete risk register. Categorize by type, assign risk levels and owners, and map each risk to the relevant framework — ISO 27001, NIS2 or GDPR.

Risk Management
Policies

Policies & Documents

Manage all your security policies with version control, approval workflows and framework mapping. Track which policies are approved, under review or need updating.

Security Controls

Pre-mapped controls for ISO 27001 Annex A, GDPR and NIS2. Track implementation status, assign responsible owners and monitor compliance progress across all frameworks simultaneously.

Controls
Incidents

Incident Management

Report, investigate and resolve security incidents with full traceability. Track severity, status and resolution across your organization. From phishing attacks to data breaches — everything documented.

Asset Register & Suppliers

Maintain a complete register of IT assets with classification and criticality. Assess supplier risks with DPA tracking and security evaluations. Know exactly what you have and who has access.

Assets
Audits

Audits & Reviews

Plan and track internal audits, external reviews and certification audits. Map each audit to the relevant framework and follow up findings with structured action plans.

Reports & Compliance Status

Generate compliance reports for ISO 27001, NIS2 and GDPR with one click. Export as PDF or send via email. Management review dashboards give leadership the complete picture.

Reports
Training

Training & Notifications

Track staff security training — awareness, compliance, technical and onboarding. Get real-time notifications for open risks, critical incidents and upcoming deadlines so nothing falls through the cracks.

Why an ISMS?

Why is compliance no longer optional in 2026?

With NIS2, GDPR and increasing cyber threats, every organization needs a structured approach to information security. An ISMS gives you control, traceability and a clearer basis for compliance work.

Regulatory compliance

Meet the requirements of ISO 27001, NIS2, GDPR and SOC 2 with pre-mapped controls and structured processes. Demonstrate compliance to auditors, customers and partners.

Reduce risk proactively

Identify and treat risks before they become incidents. A structured risk register with owners and action plans gives your leadership team full visibility and control.

Win customer trust

More and more customers require their suppliers to demonstrate information security. An ISMS shows that you take security seriously and gives you a competitive advantage in procurement.

Continuous improvement

An ISMS is not a one-time project. With built-in audit tracking, management reviews and KPI dashboards, your security work improves systematically over time.

Security & Privacy

How is your compliance data protected and kept private?

WF ISMS is built with security at its core. All data is encrypted at rest and in transit. The platform runs on our own servers in our own facilities in Stockholm — no third-party cloud, no external access.

  • AES-256 encryption at rest and in transit
  • Swedish servers in our own facilities
  • No third-party cloud or external access
  • Role-based access control
  • Complete audit log for all actions
  • GDPR compliant by design
WF ISMS
How it works

Get started in under 15 minutes

From registration to audit-ready report — in four easy steps.

1

Create account

Register your organization. No installation, no credit card.

2

Map your organization

Add assets, risks, policies and controls.

3

Implement controls

Map controls to frameworks, assign owners and upload evidence.

4

Follow up & report

Generate management reports, SoA and audit evidence as PDF.

Pricing

Choose the right plan for your organization

All plans include a 30-day free trial. No credit card required to get started.

Starter

3 990 kr / month

Perfect for small organizations starting structured security work.

  • ✓ Up to 5 users
  • ✓ Risk management & controls
  • ✓ Policies & incidents
  • ✓ 5 GB encrypted storage
  • ✓ 2FA & Audit Log
Start free trial
MOST POPULAR

Professional

6 490 kr / month

For growing organizations with high demands on traceability, reporting and integrations.

  • ✓ Up to 25 users
  • ✓ All Starter features
  • ✓ Supplier risk & audits
  • ✓ 25 GB encrypted storage
  • ✓ PDF reports & training
  • ✓ REST API access
  • ✓ SSO integration
Start free trial

Larger plan

Contact us

Custom solutions for larger organizations with specific compliance needs.

  • ✓ Unlimited users
  • ✓ All Professional features
  • ✓ Dedicated implementation support
  • ✓ Custom integrations
  • ✓ Priority support & SLA
Contact us
Quality mark

Verified for Swedish operations and data storage

Webbfabriken is a verified member of Based in Sweden — a quality mark initiated by Bahnhof, one of Sweden's largest and most trusted internet operators. The mark is reserved for Swedish cloud providers with operations and data storage in Sweden. For you, this means clearer jurisdiction, a shorter delivery chain and an external guarantee that systems and information are actually handled in Sweden.

Operations in Sweden Data stored in Sweden Systems and operations in Sweden Clearer control and accountability
Read about Based in Sweden
Based in Sweden

External quality mark — verified by Bahnhof — for companies that want to know where their data resides, who runs the systems and which regulatory framework applies from the outset.

NIS2

Are you affected by the NIS2 directive in Sweden?

The EU NIS2 directive introduces new cybersecurity requirements for many organizations. If you operate in critical sectors or provide essential services, you likely need to comply. WF ISMS helps you map requirements, implement controls and demonstrate compliance.

Ready to take control of your compliance?

Contact us to book a demo of WF ISMS and see how we can help your organization.

Book a Demo Try WF ISMS

Frequently asked questions about WF ISMS

What is the difference between ISO 27001 and NIS2? +
ISO 27001 is an international standard for information security management that organizations can certify against. NIS2 is an EU directive that places legal requirements on the security of essential and important entities. WF ISMS supports both frameworks with shared control mapping.
How does WF ISMS help me get certified? +
WF ISMS helps you document and follow up all requirements in ISO 27001:2022. The platform generates audit-ready reports such as Statement of Applicability (SoA), risk assessments and management reviews — everything the auditor needs to see.
Can I use WF ISMS for GDPR compliance? +
Yes. WF ISMS includes GDPR Art. 30 records of processing, DPIA assessments, processing registers with legal basis and security measures. You can also track personal data incidents with NIS2-compliant reporting.
How much does an ISMS tool cost? +
WF ISMS starts from 3,990 SEK/month for small organizations (up to 5 users). All plans include 30 days free trial without credit card. Custom pricing is available for larger organizations.
How secure is the platform itself? +
WF ISMS uses AES-256 encryption for all uploaded files, TOTP two-factor authentication, role-based access control (RBAC) and full audit log. All data is stored in Sweden with separate databases per organization (multi-tenant).
Which frameworks are supported beyond ISO 27001? +
WF ISMS supports ISO 27001:2022, NIS2, GDPR, SOC 2, DORA, PCI DSS, MSB frameworks, the Swedish Protective Security Act and more. Controls can be mapped to multiple frameworks simultaneously.
Direct contact

Describe what you want to secure or investigate

We help you choose the right protection level, right product or the right next security step.

We usually reply within one business day.