Everything the agent produces is ISO 27001 compliant. Each risk is recorded in a risk register, Annex A controls are resolved through control mapping against your actual risk profile, and every decision is captured in a Statement of Applicability. The audit trail builds throughout the programme. Certification bodies audit the work, not the tool that helped produce it.
