Meet ComplAIIntelligence: Your AI-powered teammate for risk & complianceLearn more
All framework guides

Help Center · Framework guide

ISO/IEC 27001:2022

ISO 27001 · Security · Global · v2022

ISMSCertificationAnnex A

Overview

ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).

93 controls available in ComplAI for this framework.

Who it's for

  • Organizations seeking ISO 27001 certification
  • Global enterprises aligning security to a recognized ISMS
  • Suppliers asked to demonstrate certified information security

Why it matters

Certification signals mature governance. Mapping Annex A controls in ComplAI keeps Statement of Applicability, risk treatment, and evidence audit-ready.

ISMS scope and leadershipRisk assessment and treatmentAnnex A control implementationInternal audit and continual improvement

How ComplAI helps

  • Activate ISO 27001 in the Framework Library to load its control catalog
  • Assign owners, track compliance status, and attach evidence per control
  • Use risk register and issues workflows when controls fail or deviate
  • Export readiness views for leadership and auditors

Sample controls

  • A.5.1

    Policies for information security

    governance
  • A.5.2

    Information security roles and responsibilities

    governance
  • A.5.3

    Segregation of duties

    access control
  • A.5.4

    Management responsibilities

    governance
  • A.5.5

    Contact with authorities

    governance
  • A.5.6

    Contact with special interest groups

    governance

Getting started

  1. Open Framework Library and activate ISO 27001
  2. Review the control list and prioritize high-impact domains
  3. Attach policies, procedures, and technical evidence
  4. Mark controls audit-ready and monitor residual gaps