ISO/IEC 27001:2022

ISO 27001 Compliance — Simplified

ISO/IEC 27001:2022 — Information Security Management System. Streamline ISMS evidence collection, Statement of Applicability preparation, and certification-readiness tracking.

What is ISO 27001?

ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It provides a systematic approach to managing sensitive company information and ensuring its confidentiality, integrity, and availability.

Annex A contains 93 controls organized across 4 themes: Organizational, People, Physical, and Technological. Certification requires implementing ISMS clauses 4 through 10, covering everything from context of the organization to continual improvement.

The 2022 revision streamlined controls from 114 to 93 and introduced 11 new controls reflecting modern security challenges including threat intelligence, cloud security, and data masking.

  • 93 Annex A controls
  • 4 control themes
  • 7 ISMS clauses (4 through 10)

Workflow acceleration examples

Before vs After — Operational Lift

Example improvements when ISMS evidence, SoA preparation, risk treatment, and management review records are connected. Actual timelines depend on customer data quality and review process.

Workflow | Manual Process | With OneComply | Time Saved
Statement of Applicability | 2–3 weeks | 15 minutes (auto-generated) | 98%
Risk Assessment | 1–2 weeks | 1 hour (guided workflow) | 90%
Control Implementation Tracking | Ongoing spreadsheet hell | Real-time dashboard | 80%
Internal Audit Prep | 2–4 weeks | 2 hours (evidence + controls mapped) | 90%
Gap Analysis | 1 week | Instant (automated scoring) | 99%
Policy Documentation | 2–3 months | 1 week (15 AI templates) | 75%
Management Review | 1–2 days prep | 30 minutes (auto-generated report) | 85%

What We Automate

Full Annex A coverage plus ISMS clause automation. From Statement of Applicability to management review, every step is streamlined.

A.5

Organizational Controls

37 mapped controls

  • Information security policies
  • Roles and responsibilities
  • Threat intelligence
  • Asset management

A.6

People Controls

8 mapped controls

  • Screening procedures
  • Security awareness training
  • Disciplinary processes
  • Remote working security

A.7

Physical Controls

14 mapped controls

  • Physical security perimeters
  • Entry controls
  • Equipment protection
  • Secure disposal

A.8

Technological Controls

34 mapped controls

  • Access management
  • Cryptography controls
  • Vulnerability management
  • Logging and monitoring

Clauses 4–10

ISMS Clauses 4–10

7 mapped controls

  • Context of the organization
  • Leadership and commitment
  • Planning and risk treatment
  • Performance evaluation and improvement

Your Certification Journey

ISO 27001 certification follows a structured audit cycle. OneComply prepares you for every stage.

Stage 1

Documentation Review

Auditor reviews ISMS scope, policies, risk assessment, and Statement of Applicability.

Stage 2

Implementation Audit

On-site audit verifying operational controls, evidence, and ISMS effectiveness.

Surveillance

Annual Reviews

Year 1 and Year 2 surveillance audits to verify continued ISMS operation.

Re-certification

Every 3 Years

Full re-certification audit to renew your ISO 27001 certificate.

Cross-Framework Alignment

ISO 27001 has significant overlap with EU regulatory frameworks. Organizations pursuing certification are already substantially aligned with DORA and NIS2 requirements. OneComply maps the overlap automatically.

  • ~60% DORA overlap
  • ~70% NIS2 overlap
  • ~50% GDPR overlap

Start your ISO 27001 certification journey

Prepare ISO 27001:2022 evidence faster with mapped controls, evidence collection, and real-time gap analysis. Certification remains auditor-led.