ISO 27001:2022 Annex A

93 controls. Hundreds of pages.
Know exactly where to look.

Upload your client's ISMS documentation. Certentia maps every page to the relevant Annex A controls, highlights where evidence is missing, and shows you the gaps—so you start your audit with a structured map, not a blank spreadsheet.

2 free analyses. No credit card required.

93 Annex A Controls
EU-Hosted AI
Encrypted at rest
Auto-purge after 30 days

What changes

The gap analysis workflow, before and after

Without Certentia

  • Manually cross-reference hundreds of document pages
  • Build control-by-control spreadsheets from scratch
  • Chase evidence across fragmented files
  • Repeat the entire process when documents change

With Certentia

  • AI maps every page to the relevant controls automatically
  • Gaps and missing evidence flagged before you start reading
  • Document updated? See changes and re-map only the affected controls
  • Export a structured report — ready for your client

Hours spent searching documents for evidence.

And you still can't be sure you didn't miss something.

What you get

A map, not a verdict

For each control, you see which pages are relevant, where evidence is strong, and where it's missing.

A.5.1 Policies for information security
Partial

Found relevant content in the ISMS policy document (scope, objectives), but no review schedule or sign-off records. Section 3.2 mentions annual reviews—worth checking if supporting records exist elsewhere.

ISMS-Policy-v2.pdf, pages 3–4

“The information security policy shall be reviewed at planned intervals or if significant changes occur to ensure its continuing suitability, adequacy, and effectiveness.”

Gap: No review schedule or sign-off records found. You decide whether to request them from the client or note the gap.

0 conforming, 0 partial, 0 non-conforming, 0 not covered

How it works

Three steps to a complete gap analysis

1. Upload documents

Upload your client's ISMS policies, procedures, and evidence. PDF and DOCX, up to 10 documents per audit.

2. AI maps the evidence

Certentia reads every page and maps it to the relevant Annex A controls. Where evidence is missing or insufficient, it flags the gap.

3. You make the call

Review the mapped evidence, see the flagged gaps, and make your professional judgment. Every decision is yours — Certentia just shows you where to look.

Built for auditors

Professional tools that respect your expertise

93 Annex A Controls

Complete coverage of ISO 27001:2022. Every organizational, people, physical, and technological control mapped against your documents.

Page-to-Control Mapping

AI pinpoints which pages and passages are relevant to each control. You see exactly where the evidence is — and where it isn't.

Gap Overview

At-a-glance summary: which controls have strong evidence, which have gaps, and which have no coverage at all. Drill into any finding.

Your Judgment, Final

AI suggests, you decide. Override any assessment with your professional judgment. Both the suggestion and your decision are preserved for the audit trail.

Confidential by Design

Documents encrypted at rest, transmitted over TLS, and automatically purged after 30 days. We never use your data to train models.

EU-Hosted AI

Powered by Gemini 2.5 Pro hosted in the EU. Enterprise-grade infrastructure with no client data retained by the AI provider.

Your data, your control

We handle confidential audit documents with the care they deserve. All data is encrypted in transit and at rest. Documents are automatically purged after 30 days. We never use your data to train AI models.

AES-256 encryption at rest
TLS 1.3 in transit
30-day auto-purge

Common questions

Is the AI making audit judgments for me?

No. Certentia maps document pages to controls and flags where evidence is missing — it navigates, you decide. Every finding can be overridden. Your professional judgment is always the final word, and both the AI suggestion and your decision are stored for a complete audit trail.

How is client data protected?

Documents are encrypted at rest (AES-256) and in transit (TLS 1.3). All uploads are automatically deleted after 30 days. We do not use your data to train AI models. The AI provider does not retain input data.

Can I export the results for my client?

Yes. Export a complete gap analysis report as an Excel spreadsheet — all 93 controls with conformity levels, AI reasoning, and evidence references.

What happens when my client updates a document?

Upload the new version as a replacement. Certentia identifies which controls were affected by the changes and re-analyzes only those — preserving your existing reviews on unaffected findings.

Does Certentia use the official ISO 27001 text?

No. ISO standards are copyrighted. Our control descriptions and assessment criteria are written in our own words as an interpretive framework based on the publicly known structure of ISO/IEC 27001:2022 Annex A. Certentia is not affiliated with or endorsed by ISO or IEC.

Stop searching. Start auditing.

Upload documents. See where to look. Make the call.
Two free analyses, no credit card required.