
Getting Started with ISMS Copilot

This guide walks you through your first steps with ISMS Copilot, from creating your account to generating your first compliance document. You'll be up and running in under 5 minutes.

Step 1: Create Your Account

Sign up for a free account at ismscopilot.com. You have two options:

  • Email and password: Requires a strong password (8+ characters with uppercase, lowercase, numbers, and symbols). You'll need to verify your email before accessing the platform.

  • OAuth (Google or Microsoft): Sign in with your existing account. No email verification needed, and you can enable MFA through your OAuth provider for enhanced security.

ISMS Copilot doesn't offer native multi-factor authentication. If you need MFA for security compliance, use Google or Microsoft OAuth with MFA enabled on those accounts.

For detailed signup instructions and troubleshooting, see Creating Your Account.

Step 2: Choose How to Organize Your Work

When you first log in, you'll see the main dashboard with a chat interface. Before asking your first question, decide how to organize your work:

Personas vs. Workspaces

Personas adjust the AI's responses based on your role. There are 3 specialized personas:

  • Implementer: Practical, step-by-step implementation advice

  • Auditor: Verification-focused responses with evidence requirements

  • Consultant: Client-facing recommendations and deliverables

When no persona is selected, you get general compliance guidance (default mode).

Workspaces let you organize separate projects or clients with dedicated chat histories, custom instructions, and file uploads.

Personas and workspaces are mutually exclusive. If you create a workspace, your persona setting resets. Choose workspaces if you manage multiple clients or projects.

Most users starting out can begin with a persona. As you add more projects, explore workspaces for better organization.

Step 3: Ask Your First Question

Type a specific compliance question in the "What are you working on?" input field. The more specific you are, the better your results.

Examples of Good Questions

What controls does ISO 27001 Annex A.8.1 require for asset management?

Create an information security policy for a 50-person SaaS company

How do I demonstrate SOC 2 CC6.1 logical access controls?

What are the key differences between GDPR and NIS2 for incident reporting?

What to Avoid

  • Vague questions like "Tell me about ISO 27001"

  • Questions outside compliance frameworks (ISMS Copilot specializes in security and compliance)

  • Expecting the AI to replace official documentation—always verify critical information against source standards

ISMS Copilot's knowledge base is built from real consulting projects covering ISO 27001, ISO 42001, ISO 27701, SOC 2, HIPAA, GDPR, CCPA, NIS 2, DORA, ISO 9001, ISO 22301, HDS, TISAX, and EU AI Act. Ask framework-specific questions for best results.

Learn more in Starting Your First Conversation.

Step 4: Upload Documents for Analysis (Optional)

One of ISMS Copilot's most powerful features is analyzing your existing compliance documents. Click the paperclip icon or drag files into the chat to upload:

  • Supported formats: PDF, DOC, DOCX, XLS, XLSX, CSV, JSON, TXT

  • File size limit: 10 MB for simple files (TXT, CSV, JSON), 5 MB for convertible files (PDF, DOC, DOCX, XLS, XLSX)

  • Upload limit: One file per message

After uploading, you can ask the AI to:

  • Perform gap analysis against a framework

  • Review policies for compliance coverage

  • Extract controls from existing documentation

  • Prepare audit evidence summaries

Example Upload Workflow

1. Upload your current information security policy (PDF)
2. Ask: "Perform a gap analysis of this policy against ISO 27001 Annex A"
3. Review the AI's findings and recommendations

If your file exceeds the size limit (10 MB for simple files, 5 MB for convertible files) or is in an unsupported format, you'll see an error message. You cannot edit or delete messages after sending, so double-check your upload before submitting.

Step 5: Generate Your First Document

Ask ISMS Copilot to generate compliance documents based on your needs:

Generate an ISO 27001 risk assessment template for a cloud service provider

Create a GDPR data processing agreement for vendor management

Draft a SOC 2 incident response procedure

When the AI generates a document, you'll see a blue "Generated Documents" card in the response. Click the download button to save it to your device.

Your first successful document generation typically happens within 2-5 minutes of signing up. This is your "aha moment"—you've just created audit-ready content tailored to your needs.

Understand Your Plan Limits

Free accounts include approximately 10 messages per 4-hour rolling window. When you hit this limit, you'll see a purple overlay prompting you to upgrade.

Plan Comparison

  • Free: Limited usage, basic features, all frameworks

  • Plus ($24/month or $240/year): Daily compliance work with increased quotas

  • Pro ($100/month or $1000/year): Extended usage for heavy workloads, priority response times

  • Business ($250/month or $2500/year): Maximum usage, priority support

Most users exploring the platform start with the free tier and upgrade when they begin active implementation projects.

See full details in Subscription Plans and Pricing.

Security Best Practices

Even as a new user, follow these security practices:

  • Enable MFA through your OAuth provider (Google or Microsoft)

  • Use strong, unique passwords if signing up with email

  • Review ISMS Copilot's security features at the Trust Center (EU hosting, encryption, GDPR compliance)

  • Don't upload highly sensitive data until you've reviewed the platform's data handling policies

For comprehensive security guidance, see How to Secure Your ISMS Copilot Account.

Common Mistakes to Avoid

  • Switching between personas and workspaces: This resets your settings. Pick one approach and stick with it.

  • Asking overly broad questions: "Tell me about compliance" won't give you actionable results. Be specific about the framework and control.

  • Treating AI responses as final authority: Always verify critical compliance decisions against official standards and consult with qualified professionals for audit situations.

  • Uploading oversized files: Maximum is 10 MB for simple files (TXT, CSV, JSON) and 5 MB for convertible files (PDF, DOC, DOCX, XLS, XLSX). Compress or split large documents before uploading.

  • Expecting to edit messages: You can't edit or delete messages once sent. Review carefully before submitting.

Stay Updated with Product Changelog

ISMS Copilot regularly ships new features and improvements. To see what's new:

  1. Click your User Menu (profile icon in the top-right corner)

  2. Select Help Center from the dropdown

  3. Click Product changelog

This opens the Product Changelog in a new tab, where you'll find release notes, new framework support, and feature announcements.

Next Steps

Now that you've completed your first steps, explore these resources:

  • ISMS Copilot User Guide - Table of Contents - Complete feature documentation

  • Managing Multi-Client Projects with Workspaces - Advanced organization for consultants

  • Welcome to ISMS Copilot - Platform overview and key features

Need help? Visit the help center or contact support. The ISMS Copilot team is responsive to questions about framework coverage, feature requests, and technical issues.
