ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS). It specifies the requirements for establishing, operating, and continually improving an ISMS, so that information security risk is managed through people, process, and technology controls rather than ad hoc fixes.
ISO/IEC 27001:2022 is the current revision. Certificates issued against the 2013 version expire on 31 October 2025, so organizations certified under 2013 must complete their transition audit before that date.

Who needs ISO 27001?

Global businesses

Organizations operating internationally, especially in European and APAC markets, where ISO 27001 is the baseline security certification customers and regulators expect.

Enterprise vendors

Companies whose customers require a formal certificate from an accredited certification body as part of procurement, vendor risk assessment, or contractual due diligence.

ISO 27001:2022 Annex A themes

The 2022 revision reorganised Annex A from 14 domains (114 controls) into 4 themes (93 controls):

Theme           Controls  Examples
Organizational  37        Security policies, roles and responsibilities, asset management, supplier relationships
People          8         Screening, awareness training, disciplinary process
Physical        14        Physical entry controls, equipment security, clear desk and clear screen
Technological   34        Access rights, authentication, cryptography, logging, monitoring

Certification process

1. Define ISMS scope

   Determine which processes, locations, and systems are in scope for certification. Scope boundaries must be documented; anything excluded must be justified, because the auditor and the certificate both refer to this scope.

2. Conduct risk assessment

   Identify information security risks and define treatment plans using DSALTA's risk register.

3. Implement controls

   DSALTA maps all 93 Annex A controls. Implement policies, configure technical controls, and collect evidence showing each control is operating.

4. Stage 1 audit

   The certification body reviews your ISMS documentation (scope, risk assessment, Statement of Applicability, policies) and confirms readiness for Stage 2.

5. Stage 2 audit

   The auditor evaluates whether the selected controls are actually implemented and operating effectively, using interviews, records, and sampled evidence.

6. Certification

   Receive an ISO 27001 certificate valid for 3 years. Annual surveillance audits in years 1 and 2 check that the ISMS is maintained, and a recertification audit is required before the 3-year cycle ends.

How DSALTA helps

  • Pre-built ISMS policies — AI-generated policy templates covering all Annex A requirements, ready to tailor to your scope
  • Risk register — likelihood × impact scoring with treatment options (Mitigate, Accept, Transfer, Avoid) and treatment plans
  • 93 Annex A controls mapped to the evidence each control requires
  • Statement of Applicability — auto-generated from your control selections and justifications for any exclusions
  • Cross-framework mapping — roughly 60–70% control overlap with SOC 2, plus significant overlap with GDPR and NIS 2

Frequently asked questions

How long does ISO 27001 certification take?

Typically 3–6 months for implementation, plus the two-stage audit. DSALTA's pre-built controls and policies shorten the implementation phase significantly.

What changed in ISO 27001:2022?

Annex A was restructured from 14 domains to 4 themes, the control count was reduced from 114 to 93 by merging overlapping controls, 11 new controls were added (threat intelligence, cloud security, data masking, data leakage prevention, configuration management, secure coding, and others), and the remaining controls were updated.

Do we have to get certified, or is implementing the standard enough?

You can implement ISO 27001 without certification, but many customers specifically require the formal certificate issued by an accredited certification body.

How much does ISO 27001 overlap with SOC 2?

Approximately 60–70% of controls overlap. DSALTA maps these automatically, so evidence collected for one framework is reused for the other and completing one accelerates the other.