93 controls. Hundreds of pages.
Know exactly where to look.
Upload your client's ISMS documentation. Certentia maps every page to the relevant Annex A controls and shows you exactly where evidence is missing.
2 free analyses. No credit card required.
What you get
A map, not a verdict
No black-box scores. Every assessment traces back to the document, the page, and the excerpt
ISMS-Policy-v2.pdfpages 3–4
“The information security policy shall be reviewed at planned intervals or if significant changes occur to ensure its continuing suitability, adequacy, and effectiveness.”
AI Reasoning
Found relevant content in the ISMS policy document (scope, objectives), but no review schedule or sign-off records. Section 3.2 mentions annual reviews—worth checking if supporting records exist elsewhere.
The gap analysis workflow
Before and after
Without Certentia
- Manually cross-reference hundreds of document pages
- Build control-by-control spreadsheets from scratch
- Chase evidence across fragmented files
- Repeat the entire process when documents change
With Certentia
- AI maps every page to the relevant controls automatically
- Gaps and missing evidence flagged before you start reading
- Document updated? See changes and re-map only the affected controls
- Export a structured report — ready for your client
How it works
Four steps to a complete gap analysis
Upload documents
Upload your client's ISMS policies, procedures, and evidence. PDF, Word, Excel, PowerPoint, and more — up to 10 documents per audit.
AI maps the evidence
While the analysis runs, you can already start reviewing documents in a page-by-page viewer and leave your notes on each page. Everything is saved in real time.
You make the call
See which pages map to each control. Add or remove pages, compare AI findings with your own notes, and override any assessment.
Export the report
Download a structured Excel document with your review, page notes, and conformity levels — ready to hand to your client.
Built for auditors
Professional tools that respect your expertise
93 Annex A Controls
Complete coverage of ISO 27001:2022. Every organizational, people, physical, and technological control mapped against your documents.
Confidential by Design
Documents encrypted at rest, transmitted over TLS, and automatically purged on your schedule. We never use your data to train models.
EU-Hosted AI
Gemini 2.5 Pro hosted in the EU. No client data retained by the AI provider. No training on your documents.
Common questions
Is the AI making audit judgments for me?
No. Certentia navigates, you decide. Every finding can be overridden, and both the AI suggestion and your final call are preserved for the audit trail.
What happens when my client updates a document?
Upload the new version as a replacement. Certentia identifies which controls were affected by the changes and re-analyzes only those — preserving your existing reviews on unaffected findings.
Does Certentia use the official ISO 27001 text?
No. ISO standards are copyrighted. Our control descriptions and assessment criteria are written in our own words as an interpretive framework based on the publicly known structure of ISO/IEC 27001:2022 Annex A. Certentia is not affiliated with or endorsed by ISO or IEC.
What document formats are supported?
PDF, Word (DOCX, DOC), Excel (XLSX, XLS), PowerPoint (PPTX, PPT), OpenDocument (ODT), and RTF. Up to 10 documents per audit, 50 pages per document, 50 MB per file.
Reviewed ✓
R. Hayes
27 Apr 2026
Stop searching. Start auditing.
Upload documents. See where to look. Make the call.
2 free analyses, no credit card required.