All framework guides
Help Center · Framework guide
ISO/IEC 27001:2022
ISO 27001 · Security · Global · v2022
ISMSCertificationAnnex A
Overview
ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
93 controls available in ComplAI for this framework.
Who it's for
- Organizations seeking ISO 27001 certification
- Global enterprises aligning security to a recognized ISMS
- Suppliers asked to demonstrate certified information security
Why it matters
Certification signals mature governance. Mapping Annex A controls in ComplAI keeps Statement of Applicability, risk treatment, and evidence audit-ready.
ISMS scope and leadershipRisk assessment and treatmentAnnex A control implementationInternal audit and continual improvement
How ComplAI helps
- Activate ISO 27001 in the Framework Library to load its control catalog
- Assign owners, track compliance status, and attach evidence per control
- Use risk register and issues workflows when controls fail or deviate
- Export readiness views for leadership and auditors
Sample controls
- governance
A.5.1
Policies for information security
- governance
A.5.2
Information security roles and responsibilities
- access control
A.5.3
Segregation of duties
- governance
A.5.4
Management responsibilities
- governance
A.5.5
Contact with authorities
- governance
A.5.6
Contact with special interest groups
Getting started
- Open Framework Library and activate ISO 27001
- Review the control list and prioritize high-impact domains
- Attach policies, procedures, and technical evidence
- Mark controls audit-ready and monitor residual gaps
