Skip to main content
ISO 27001:2022 compliance practices

ISO 27001 Compliance File Apps

PDF and file apps designed for organizations running ISO 27001 compliance programs. For the apps listed below: browser-first processing, no server-side file handling.

Browser-First AppsAnnex A PracticesLow Vendor Risk

ISO 27001 and File Processing Apps

ISO/IEC 27001:2022 is the international standard for Information Security Management Systems (ISMS). Organizations running ISO 27001 compliance programs must ensure all apps that handle information assets meet their security controls — including PDF and file conversion apps.

Traditional online file apps (iLovePDF, SmallPDF, Adobe Acrobat Online) upload files to their servers, creating supplier risk that must be assessed under Annex A controls. For the PDF and file apps listed below, MiOffice uses browser-first processing — so there is no supplier relationship for these specific file workflows to assess.

For the apps listed on this page, our architecture reflects ISO 27001 compliance practices and reduces many of the information security risks the framework's controls are designed to mitigate — browser-first processing means smaller supplier surface for these workflows.

Annex A Control Practices

A.8.10 — Information Deletion

No information to delete. Files are processed in browser memory and released when the tab closes. No server-side storage exists.

A.8.11 — Data Masking

No data to mask. File contents never reach our infrastructure. There is no database, no log, no cache containing user file data.

A.8.12 — Data Leakage Prevention

Zero data leakage surface. Files cannot leak from our servers because they never reach our servers. Verifiable via browser DevTools.

A.5.19 — Supplier Information Security

MiOffice is not a data supplier/processor. No supplier security assessment needed for file processing — your browser is the processor.

A.5.23 — Cloud Services Security

No cloud services used for file processing. All computation happens client-side in the browser. Only static page assets are served.

A.8.24 — Use of Cryptography

TLS 1.3 for page delivery. HSTS preload enforced. Private & secure client-side processing.

A.5.12 — Classification of Information

All files are treated as confidential by default — private & secure client-side processing regardless of classification level.

A.8.9 — Configuration Management

No server-side configuration for file processing. Client-side Processing modules are immutable, versioned, and integrity-checked.

Applications

Keep your ISMS boundary clean

Process files without adding supplier risk to your ISO 27001 scope.