Risk-based ISMS
A documented management system built around identifying, treating and monitoring information-security risks.
The global baseline for information security.
ISO/IEC 27001 is the international standard for an Information Security Management System (ISMS). It defines how an organisation establishes, operates and continually improves security through risk management and a set of Annex A controls.
The standard
ISO/IEC 27001:2022 — Information Security Management
Who needs it
Any organisation that wants a recognised, auditable security posture — especially those selling to enterprises or expanding internationally, where an ISO 27001 certificate is often a procurement requirement.
93
Annex A controls, pre-mapped
A documented management system built around identifying, treating and monitoring information-security risks.
93 controls across organisational, people, physical and technological themes (2022 revision).
The SoA justifies which controls apply, why, and their implementation status — the spine of your audit.
Internal audits, management review and corrective actions keep the ISMS living, not shelf-ware.
See exactly how Compliance One maps ISO 27001 to your environment in a 30-minute walkthrough.