Getting Started with ISMS Copilot

This guide walks you through your first steps with ISMS Copilot, from creating your account to generating your first compliance document. You'll be up and running in under 5 minutes.

Step 1: Create Your Account

Sign up for a free account at ismscopilot.com. You have two options:

  • Email and password: Requires a strong password (8+ characters with uppercase, lowercase, numbers, and symbols). You'll need to verify your email before accessing the platform.

  • OAuth (Google or Microsoft): Sign in with your existing account. No email verification needed, and you can enable MFA through your OAuth provider for enhanced security.

ISMS Copilot doesn't offer native multi-factor authentication. If you need MFA for security compliance, use Google or Microsoft OAuth with MFA enabled on those accounts.

For detailed signup instructions and troubleshooting, see Creating Your Account.

Step 2: Choose How to Organize Your Work

When you first log in, you'll see the main dashboard with a chat interface. Before asking your first question, decide how to organize your work:

Personas vs. Workspaces

Personas adjust the AI's responses based on your role:

  • Default: General compliance guidance

  • Implementer: Practical, step-by-step implementation advice

  • Auditor: Verification-focused responses with evidence requirements

  • Consultant: Client-facing recommendations and deliverables

Workspaces let you organize separate projects or clients with dedicated chat histories, custom instructions, and file uploads.

Personas and workspaces are mutually exclusive. If you create a workspace, your persona setting resets. Choose workspaces if you manage multiple clients or projects.

Most users starting out can begin with a persona. As you add more projects, explore workspaces for better organization.

Step 3: Ask Your First Question

Type a specific compliance question in the "What are you working on?" input field. The more specific you are, the better your results.

Examples of Good Questions

What controls does ISO 27001 Annex A.8.1 require for asset management?

Create an information security policy for a 50-person SaaS company

How do I demonstrate SOC 2 CC6.1 logical access controls?

What are the key differences between GDPR and NIS2 for incident reporting?

What to Avoid

  • Vague questions like "Tell me about ISO 27001"

  • Questions outside compliance frameworks (ISMS Copilot specializes in security and compliance)

  • Expecting the AI to replace official documentation—always verify critical information against source standards

ISMS Copilot's knowledge base is built from real consulting projects covering ISO 27001, SOC 2, NIST CSF, GDPR, DORA, NIS2, Cyber Resilience Act, and ISO 42001. Ask framework-specific questions for best results.

Learn more in Starting Your First Conversation.

Step 4: Upload Documents for Analysis (Optional)

One of ISMS Copilot's most powerful features is analyzing your existing compliance documents. Click the paperclip icon or drag files into the chat to upload:

  • Supported formats: PDF, DOCX, XLSX, CSV, JSON, TXT

  • File size limit: 10MB per file

  • Upload limit: One file per message

After uploading, you can ask the AI to:

  • Perform gap analysis against a framework

  • Review policies for compliance coverage

  • Extract controls from existing documentation

  • Prepare audit evidence summaries

Example Upload Workflow

1. Upload your current information security policy (PDF)
2. Ask: "Perform a gap analysis of this policy against ISO 27001 Annex A"
3. Review the AI's findings and recommendations

If your file is larger than 10MB or in an unsupported format, you'll see an error message. You cannot edit or delete messages after sending, so double-check your upload before submitting.

Step 5: Generate Your First Document

Ask ISMS Copilot to generate compliance documents based on your needs:

Generate an ISO 27001 risk assessment template for a cloud service provider

Create a GDPR data processing agreement for vendor management

Draft a SOC 2 incident response procedure

When the AI generates a document, you'll see a blue "Generated Documents" card in the response. Click the download button to save it to your device.

Your first successful document generation typically happens within 2-5 minutes of signing up. This is your "aha moment"—you've just created audit-ready content tailored to your needs.

Understand Your Plan Limits

Free accounts include approximately 10 messages per day. When you hit this limit, you'll see a purple overlay prompting you to upgrade.

Plan Comparison

  • Free: ~10 messages/day, limited file uploads, all frameworks

  • Plus ($20/month or $240/year): Unlimited messages, increased file uploads, document generation, priority support

  • Pro Unlimited (coming soon, $100/month): Unlimited everything, team collaboration

Most users exploring the platform start with the free tier and upgrade when they begin active implementation projects.

See full details in Subscription Plans and Pricing.

Security Best Practices

Even as a new user, follow these security practices:

  • Enable MFA through your OAuth provider (Google or Microsoft)

  • Use strong, unique passwords if signing up with email

  • Review ISMS Copilot's security features at the Trust Center (EU hosting, encryption, GDPR compliance)

  • Don't upload highly sensitive data until you've reviewed the platform's data handling policies

For comprehensive security guidance, see How to Secure Your ISMS Copilot Account.

Common Mistakes to Avoid

  • Switching between personas and workspaces: This resets your settings. Pick one approach and stick with it.

  • Asking overly broad questions: "Tell me about compliance" won't give you actionable results. Be specific about the framework and control.

  • Treating AI responses as final authority: Always verify critical compliance decisions against official standards and consult with qualified professionals for audit situations.

  • Uploading files over 10MB: Compress or split large documents before uploading.

  • Expecting to edit messages: You can't edit or delete messages once sent. Review carefully before submitting.

Next Steps

Now that you've completed your first steps, explore these resources:

Need help? Visit the help center or contact support. The ISMS Copilot team is responsive to questions about framework coverage, feature requests, and technical issues.
