ISO 27001 Compliance

ISO/IEC 27001 Certification

ISO/IEC 27001 is an international standard that describes a framework for information security management. Compliance with the standard is a major component of supply chain security among organizations, ranging from military, government, or healthcare sectors.

GoodAccess is ISO/IEC 27001 certified, proving we adhere to the highest standards of data security, privacy, and compliance, proving we are a strong link in your vendor supply chain.

No card needed. Full onboarding support.

Achieve NIS2 compliance with GoodAccess

Why us?

Why GoodAccess

Easiest to deploy and use among ZTNA platforms.
Get started with no expert skills needed.
Trusted by more than 1300+ SMEs worldwide
User ratings confirm our commitment to customer success

What is ISO 27001 compliance

Principles of ISO 27001 compliance

ISO 27001 provides a comprehensive framework comprising security controls and procedural documentation to safeguard your organization’s information assets by creating an information security management system (ISMS). By adhering to ISO 27001, companies ensure the confidentiality, integrity, and security of their sensitive data and prove that they do not pose a threat to their business partners’ supply chain.

Annex A of ISO 27001 delineates a structured approach to implementing security measures, grouped into four categories of controls.

Gateway network

Global shared gateway network

Starter is a free business VPN that creates a secure VPN infrastructure for your virtual organization. Every time a user connects, GoodAccess automatically seeks out the nearest gateway location with the lowest latency and assigns an IP address dynamically. This enables secure private browsing and encrypted remote access to IT resources for your coworkers, even if they connect through public Wi-Fi.

network control and visibility
network control and visibility

Threat protection

Online Threat Protection

Starter comes equipped with Threat Blocker, an always-on feature that stops phishing, malware, botnets, ransomware ploys and other online security threats before they hit the user and breach your network. Learn more about GoodAccess Threat Blocker.

Goodaccess app

Mobile and desktop apps

GoodAccess comes with one-click applications for iOS, macOS, Android, Windows and ChromeOS. No configuration is needed. Just invite your colleagues via email to create their account and get the GoodAccess app.


Organizational controls

Policies, rules, processes, and organizational structures designed to oversee and govern a broad scope of matters related to information security within the organization. Organizational controls form the bedrock of an effective ISMS and range from robust security policies to definition of roles and responsibilities.


People controls

Controls focused on enhancing human awareness, skills, and behaviors as pertains to information security. People controls encompass initiatives like comprehensive training programs, human resource management, and personal security.


Physical controls

Controls dedicated to safeguarding tangible assets and physical infrastructure. From implementing entry controls and surveillance systems, to establishing secure protocols for asset storage and disposal, physical controls play a vital role in preventing the mishandling and damage to all information assets in physical form.

User authentication via 2 factor or multifactor authentication


Technological controls

Technological controls are indispensable for securing digital assets and IT infrastructure. These controls encompass a diverse range of measures, including robust authentication mechanisms, encryption protocols, real-time monitoring solutions, secure storage, and backup procedures, all aimed at hardening the digital defenses of the organization.

Create Free Account

No card required.

Full onboarding support.

ISO 27001 compliance

GoodAccess can help you with ISO 27001 compliance

GoodAccess provides a Zero-Trust Network Access as a Service solution (ZTNAaaS), which means it can help you check off requirements related to network security and data protection (see our ISO 27001 Compliance Guide).

Namely, GoodAccess supplies the following technological controls:

  • User Endpoint Devices (Annex A, 8.1) – While not a replacement for EDR, GoodAccess strengthens BYOD security by pre-authenticating devices before granting access to resources.
  • Privileged Access Rights (Annex A, 8.2) – GoodAccess’ intuitive Access Control enables highly granular least-privilege access to systems, applications, and data.
  • Secure Authentication (Annex A, 8.5) – Use MFA, SSO, and biometrics (on mobile devices) to pre-authenticate users before allowing access to digital resources.
  • Logging (Annex A, 8.15) – GoodAccess keeps both gateway-level and system-level access logs for monitoring and analysis.
  • Network Security (Annex A, 8.20) – We use strong encryption on all connections and round-the clock system-level logging to ensure information security within the GoodAccess SDP.
  • Security of Network Services (Annex A, 8.21) – Robust access controls and authentication prevent unauthorized access and ensure compartmentalization, while system-level logs provide a detective control.
  • Segregation of Networks (Annex A, 8.22) – GoodAccess inhibits lateral movement by segmentation on the network level.
  • Web Filtering (Annex A, 8.23) – Threat Blocker, a built-in DNS filter, blocks access to harmless, disreputable, or custom-blacklisted domains.
  • Use of Cryptography (Annex A, 8.24) – GoodAccess encrypts all communication to protect all data during transit and prevent attacks like man-in-the-middle.
  • Application Security Requirements (Annex A, 8.26) – We enforce least-privilege access to online applications, reinforced by MFA and SSO.
Not a company? Try VPN Static for individuals
Thank you! Your submission has been received!
By submitting this form you agree with creation of Samohyb Account, Terms of Service and Privacy Policy.


See why your peers choose GoodAccess

GoodAccess product is simple, super user-friendly, and pretty fast. It has taken several minutes to connect a team of 60 members. It guarantees the security of our work, gives the possibility to use different servers/encryptions from any place in the world when most of our agents work remotely.

Maria Pavliv
Project Manager at Lionentry
Mid-Market (51-200 employees)
See detailed review on G2

GoodAccess has allowed our company to easily IP restrict and control access to sensitive applications to our employees abroad without the need of setting up custom VPNs. It simply works and works fast!

Adam Hurst
CTO at Deadstock
Mid-Market (51-200 employees)
See detailed review on G2

GoodAccess is very easy to provision and manage. Staff find it easy to set up and we're able to invite users with a simple email sent via the web panel. We've been able to easily move the company to remote-only over the past year and GoodAccess has been a central part of that.

Oliver Douglas
Technical Operations Coordinator at MyTutor
Mid-Market (51-200 employees)
See detailed review on G2

I use a VPN and static IP for my team. The service allows e to simply invite team members. The installation is very simple and the service is of great performance. No downtime. Simple on/off. Also, I get clear insights for the usage of my team members. I used other services before but this is by far the best manageable one.

Oren Zamski
Co-Founder at Nogamy
Mid-Market (51-200 employees)
See detailed review on G2


Why GoodAccess is your go-to compliance solution

GoodAccess is a customer choice among cloud-based zero-trust solutions. We are GDPR, HIPAA compliant and have passed ISO 27001 and SOC 2 certification.

Device posture check & management

Filter out non-compliant devices to reduce the risk of breaches. Define your device security policy and enforce it from the central console.

Identity-based access control

Assign access on a least-privilege and per-app basis centrally and easily.

Software-defined perimeter

Apply a protective layer over all your users and resources, wherever they are. Enforce the same level of security throughout multi-site and multi-cloud environments.

Cryptography and encryption

Protect data and user identity during transit with strong, unbroken encryption.

Auditable access logs

Monitor activity on the level of systems and gateway, locate breaches and configuration issues, feed the logs to a SIEM.

Multi-factor authentication

Prevent unauthorized access with MFA before allowing access to internal systems.

Business continuity

Configure your secure GoodAccess secure environment in high-availability to ensure continuous protection.

Vulnerability disclosure

We are open about our limits. GoodAccess is an essential part of your security ecosystem that complements other security solutions.

Security policies

Enforce your security policy centrally and ensure no user accesses critical resources without satisfactory authorization.

Start your transition today

Book a call with our expert to learn more or sign up for free. With the GoodAccess 14-day free trial you get full access to our solution, configuration guides and full onboarding support from our A+ presales team.
Trusted by 1300+ customers

Get in touch

Not sure where to start? Let's get in touch

Schedule a call with the GoodAccess success manager to get all the details about our product features.