ISO 27001 Compliance File Apps
PDF and file apps designed for organizations running ISO 27001 compliance programs. For the apps listed below: browser-first processing, no server-side file handling.
ISO 27001 and File Processing Apps
ISO/IEC 27001:2022 is the international standard for Information Security Management Systems (ISMS). Organizations running ISO 27001 compliance programs must ensure all apps that handle information assets meet their security controls — including PDF and file conversion apps.
Traditional online file apps (iLovePDF, SmallPDF, Adobe Acrobat Online) upload files to their servers, creating supplier risk that must be assessed under Annex A controls. For the PDF and file apps listed below, MiOffice uses browser-first processing — so there is no supplier relationship for these specific file workflows to assess.
For the apps listed on this page, our architecture reflects ISO 27001 compliance practices and reduces many of the information security risks the framework's controls are designed to mitigate — browser-first processing means smaller supplier surface for these workflows.
Annex A Control Practices
A.8.10 — Information Deletion
No information to delete. Files are processed in browser memory and released when the tab closes. No server-side storage exists.
A.8.11 — Data Masking
No data to mask. File contents never reach our infrastructure. There is no database, no log, no cache containing user file data.
A.8.12 — Data Leakage Prevention
Zero data leakage surface. Files cannot leak from our servers because they never reach our servers. Verifiable via browser DevTools.
A.5.19 — Supplier Information Security
MiOffice is not a data supplier/processor. No supplier security assessment needed for file processing — your browser is the processor.
A.5.23 — Cloud Services Security
No cloud services used for file processing. All computation happens client-side in the browser. Only static page assets are served.
A.8.24 — Use of Cryptography
TLS 1.3 for page delivery. HSTS preload enforced. Private & secure client-side processing.
A.5.12 — Classification of Information
All files are treated as confidential by default — private & secure client-side processing regardless of classification level.
A.8.9 — Configuration Management
No server-side configuration for file processing. Client-side Processing modules are immutable, versioned, and integrity-checked.
Applications
Merge PDF
Combine confidential documents without server exposure
Compress PDF
Reduce file sizes within your security perimeter
Protect PDF
Encrypt documents with AES-256 password protection
PDF Editor
Edit documents without cloud processing risk
Split PDF
Extract pages without full-document server exposure
PDF to Word
Convert without third-party data handling
Word to PDF
Create PDFs locally within your ISMS boundary
Excel to PDF
Convert spreadsheets without data exposure
Keep your ISMS boundary clean
Process files without adding supplier risk to your ISO 27001 scope.