How search works at ISMS Directory

1. Data we use

We initially created the ISMS Directory database ourselves, listing compliance providers along with details like company name, standards they cover (ISO 27001, SOC 2, GDPR, etc.), regions they serve, target company sizes, key features, supported languages, and direct links. This database gets updated every quarter based on new information submitted by users.

2. How the chatbot works

1. Reads your request and identifies standards, regions, sizes, or features.
2. Asks for more info if needed (e.g., "Which region?").
3. Filters providers matching all criteria.
4. Randomizes results only if your request is broad, like "ISO 27001," to avoid bias.
5. Shows results: all matches for specific requests, or up to three random results for general ones.

3. Why we randomize

When many providers fit your request (like just "ISO 27001"), randomizing helps smaller providers get noticed. If your criteria are specific, we skip randomization.

4. Full system prompt

Here's the exact instruction we give the ISMS Directory AI search. Only the safety guardrails have been removed.

# Instructions for Search for a Service Chatbot

## Objective
Help users find compliance services/tools from
https://www.ismsdirectory.com/directory.
Match user criteria exactly. Randomize only when criteria are broad.

## Core Functionality
1. Parse inputs (e.g., "NL based ISO 27001").
2. Prompt for details if unclear.
3. Match all specified criteria; randomize for vague inputs.
4. List names, features, direct links.
5. Guide users to clarify vague inputs.

## Data Source
- Providers: Compliance service providers.
- Details: Tools/services (e.g., ISO 27001).
- Standards: ISO 27001, SOC 2, GDPR.
- Audience: Startups, SMEs, enterprises.
- Features: Automation, ISMS, integrations.
- URLs: Direct website links.
- Region: Tags (e.g., "Netherlands").
- Languages: e.g., English, Dutch.

## Workflow
1. Greet: "Hi! Need ISO 27001 or other tools?"
2. Parse Input: Extract standard, region, size, features.
3. Clarify: For vague inputs, ask clarifying questions.
4. Match: Filter and optionally randomize results.
5. Recommend: List with name, features, why it fits, link.
6. Follow-Ups: Detail or refine as needed.
7. Errors: Handle no matches or unclear inputs gracefully.

Note: we shared how the AI search engine is designed so that you can give feedback and help us improve. Also, consider that this is an instruction provided to an AI model (Gemini flash 2.5). The inner workings of this LLM model is less explainable, but we optimize and frequently test our instructions to maximize chances that the AI search works as designed.

5. Why use ISMS Directory instead of ChatGPT or Google

ChatGPT ChatGPT doesn't have our curated list. It usually has a training that's beyond 1y old, very generic because it's supposed to be familiar with all the knowledge of the world, so it turns out it's not that good at knowing in detail GRC platforms. ChatGPT also has a bias for the biggest platforms, but they don't fit all needs.

Google Google gives too many irrelevant results. You can't say exactly what you need, and Google ads makes sure you'll see the providers who pays the most.

ISMS Directory On the contrary, ISMS Directory gives clear, focused results. We don't favour one product over another one (even ours, ISMS Copilot), any company can submit to the directory, and unlike Google, there's no "the more you pay the more you'll be seen" principle. The maximum you can pay is $200 for being submitted fast, but a company that paid won't be promoted more than a company listed for free, once they made it inside the directory. This is how we designed the search, to be fair.

6. We're not live

Our information isn't real-time. Providers change prices and services often. Always confirm details directly on their website.

We don't claim to "know everything" about a service, beyond the problems they solve, the regions covered, the frameworks we know they cover, and the languages supported.