Skip to main content
This guide walks you through the core ISOwl workflow from first login to your first PDF export. No installation or account setup is required.
ISOwl runs entirely in the browser. All data is stored in localStorage — nothing is sent to a server.

Demo credentials

Two pre-configured accounts are available for immediate use:
AccountEmailPasswordRoleWorkspace
Agency Adminadmin@agencia.comadmin123CISOAgency (all clients)
Client Ownerowner@cliente.comcliente123OWNERCLIENT_A only
Start with the Agency Admin account to access the full feature set.

Steps

1

Open ISOwl in your browser

Navigate to your ISOwl instance in any modern browser. The application loads immediately — no installation or sign-up required.You will be redirected to the login screen if you are not already authenticated.
2

Log in as Agency Admin

Enter the Agency Admin credentials on the login screen:
Email:    admin@agencia.com
Password: admin123
After a successful login, your role is set to CISO and you land on the Executive Dashboard in the Agency workspace.
The CISO role has full read and write access to all modules. Use the owner@cliente.com account to experience the restricted client view.
3

Explore the Executive Dashboard

The dashboard (/) shows a high-level summary of your ISMS posture:
  • Clause conformance — percentage of Clause 4–10 requirements marked as implemented
  • Annex A coverage — number of controls evaluated vs. total (93)
  • Open risks — count of risks without an accepted or mitigated status
  • Pending evidence — items awaiting review or expiring soon
Review these KPIs to understand the starting state of the demo workspace.
4

Mark your first clause requirement

Navigate to Clauses (/clauses) in the sidebar.
  1. Expand Clause 4 — Context of the organisation.
  2. Locate requirement 4.1 — Understanding the organisation and its context.
  3. Click the status selector and change it from Not Implemented to Implemented.
  4. Observe the clause conformance percentage update on the dashboard.
Repeat for any other requirements you want to explore. Each clause can be expanded or collapsed independently.
5

Evaluate your first Annex A control

Navigate to Annex A (/annex-a) in the sidebar.Controls are grouped into four themes: Organisational, People, Physical, and Technological.
  1. Open the Organisational theme.
  2. Select control A.5.1 — Policies for information security.
  3. Set the implementation status and add any relevant notes.
  4. Save the evaluation.
The Annex A coverage metric on the dashboard will reflect the change.
6

Add your first asset

Navigate to Assets (/assets) in the sidebar.
  1. Click Add asset.
  2. Fill in the asset name, type (e.g. Server, Application, Data), classification (e.g. Confidential), and owner.
  3. Save the asset.
Assets are used as the foundation for risk assessments. Each risk is linked to one or more assets.
7

Run a risk assessment

Navigate to Risk (/risk) in the sidebar.
  1. Click Add risk.
  2. Select the asset you created in the previous step.
  3. Describe the threat and vulnerability.
  4. Set the likelihood and impact scores (1–5).
  5. Choose a treatment option: Mitigate, Accept, Transfer, or Avoid.
  6. Save the risk entry.
The risk register provides a calculated inherent risk score and tracks treatment status over time.
8

Export the Executive Report as PDF

Return to the Executive Dashboard (/).Click Export PDF (or the equivalent export button in the dashboard header). ISOwl uses jsPDF to generate a report containing:
  • ISMS posture summary
  • Clause conformance breakdown
  • Annex A control coverage
  • Top risks by score
The file downloads directly to your browser’s default download location.
PDF export is the primary way to preserve a snapshot of your ISMS state. Export regularly, as localStorage data is not backed up automatically.

Next steps

Authentication & Access

Learn about roles, multi-tenant workspaces, and how to switch between client accounts.

Clauses 4–10

Deep-dive into requirement-level tracking for all mandatory ISO 27001 clauses.

Risk Assessment

Understand the risk scoring model and treatment workflow.

Evidence Repository

Learn how to attach and manage documentary evidence against controls.

Build docs developers (and LLMs) love

Get started for freeTalk to us