ISO 27001 Compliance Guide
Complete guide to achieving ISO 27001:2022 certification with Axura. Understand the Information Security Management System (ISMS) requirements.
What is ISO 27001?
ISO 27001 is the international standard for Information Security Management Systems (ISMS). It provides a framework for establishing, implementing, maintaining, and continuously improving an ISMS.
💡 2022 Update
ISO 27001:2022 is the latest version with updated controls in Annex A, including new controls for cloud security and threat intelligence.
Annex A Control Domains
| Domain | Controls |
|---|---|
| A.5 - Organizational Controls | 37 controls |
| A.6 - People Controls | 8 controls |
| A.7 - Physical Controls | 14 controls |
| A.8 - Technological Controls | 34 controls |
Certification Process
Stage 1 Audit
Documentation review - policies, procedures, risk assessment
Stage 2 Audit
Implementation review - evidence of controls in operation
Certification
Certificate issued upon successful audit
Surveillance Audits
Annual audits to maintain certification
Recertification
Full audit every 3 years
SOC 2 + ISO 27001 Overlap
If you're pursuing both SOC 2 and ISO 27001, good news: there's significant overlap. Axura automatically maps evidence to both frameworks.
✅ Dual Compliance
Organizations typically achieve 70-80% overlap between SOC 2 and ISO 27001 evidence requirements.