
ISO 27001

ISO 27001, formally ISO/IEC 27001:2022, is the internationally recognised standard for managing risks to the security of the information your organisation holds.

What is ISO 27001?

Certification to ISO 27001 allows you to prove to your clients and other stakeholders that you are managing the security of your information. ISO 27001:2022 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS).

Learn more about the ISO 27001 standard in our recorded webinar: ISO 27001: Starting the journey to business security.

Benefits of ISO 27001

Businesses that adhere to the ISO 27001 standard and maintain ISO 27001 compliance are more likely to experience the following benefits:

  • Win more B2B business and tenders
  • Open up new markets and sectors
  • Improve customer retention
  • Reduce time to complete tenders

Businesses also realize several ISO 27001 cybersecurity benefits, including the ability to:

  • Maintain the capacity to withstand cyber attacks
  • Be prepared for new threats
  • Ensure data integrity across the entire organisation

Who Needs ISO 27001?

Given the prevalence of cybercrime and data breaches across industries, organisations from every sector and of all sizes benefit from adhering to the ISO 27001 standard. IT industry organisations, for whom cybersecurity and data integrity are paramount, benefit especially from ISO 27001 compliance.

Achieve ISO 27001 with Hicomply

Managing ISO 27001 is time-consuming and resource-heavy. If you automate as much of the administration as possible and have all staff self-serve their obligations within the Hicomply platform, you free up your ISO 27001 compliance team to focus on their core objectives. Out of the box, Hicomply provides everything you need to achieve ISO 27001 certification.

ISO 27001:2022 Requirements

ISO 27001:2022 Annex A Controls

Organisational Control

  • A 5.1 Information Security Policies
  • A 5.2 Information Security Roles and Responsibilities
  • A 5.3 Segregation of Duties
  • A 5.4 Management Responsibilities
  • A 5.5 Contact With Government Authorities
  • A 5.6 Contact With Special Interest Groups
  • A 5.7 Threat Intelligence
  • A 5.8 Information Security in Project Management
  • A 5.9 Inventory of Information and Other Associated Assets
  • A 5.10 Acceptable Use of Information and Other Associated Assets
  • A 5.11 Return of Assets
  • A 5.12 Classification of Information
  • A 5.13 Labelling of Information
  • A 5.14 Information Transfer
  • A 5.15 Access Control
  • A 5.16 Identity Management
  • A 5.17 Authentication Information
  • A 5.18 Access Rights
  • A 5.19 Information Security in Supplier Relationships
  • A 5.20 Addressing Information Security Within Supplier Agreements
  • A 5.21 Managing Information Security in the ICT Supply Chain
  • A 5.22 Monitoring, Review and Change Management of Supplier Services
  • A 5.23 Information Security for Use of Cloud Services
  • A 5.24 Information Security Incident Management Planning and Preparation
  • A 5.25 Assessment and Decision on Information Security Events
  • A 5.26 Response to Information Security Incidents
  • A 5.27 Learning From Information Security Incidents
  • A 5.28 Collection of Evidence
  • A 5.29 Information Security During Disruption
  • A 5.30 ICT Readiness for Business Continuity
  • A 5.31 Legal, Statutory, Regulatory and Contractual Requirements
  • A 5.32 Intellectual Property Rights
  • A 5.33 Protection of Records
  • A 5.34 Privacy and Protection of PII
  • A 5.35 Independent Review of Information Security
  • A 5.36 Compliance With Policies, Rules and Standards for Information Security
  • A 5.37 Documented Operating Procedures

People Control

Physical Control

  • A 7.1 Physical Security Perimeters
  • A 7.2 Physical Entry
  • A 7.3 Securing Offices, Rooms and Facilities
  • A 7.4 Physical Security Monitoring
  • A 7.5 Protecting Against Physical and Environmental Threats
  • A 7.6 Working in Secure Areas
  • A 7.7 Clear Desk and Clear Screen
  • A 7.8 Equipment Siting and Protection
  • A 7.9 Security of Assets Off-Premises
  • A 7.10 Storage Media
  • A 7.11 Supporting Utilities
  • A 7.12 Cabling Security
  • A 7.13 Equipment Maintenance
  • A 7.14 Secure Disposal or Re-Use of Equipment

Technological Control

  • A 8.1 User Endpoint Devices
  • A 8.2 Privileged Access Rights
  • A 8.3 Information Access Restriction
  • A 8.4 Access to Source Code
  • A 8.5 Secure Authentication
  • A 8.6 Capacity Management
  • A 8.7 Protection Against Malware
  • A 8.8 Management of Technical Vulnerabilities
  • A 8.9 Configuration Management
  • A 8.10 Information Deletion
  • A 8.11 Data Masking
  • A 8.12 Data Leakage Prevention
  • A 8.13 Information Backup
  • A 8.14 Redundancy of Information Processing Facilities
  • A 8.15 Logging
  • A 8.16 Monitoring Activities
  • A 8.17 Clock Synchronisation
  • A 8.18 Use of Privileged Utility Programs
  • A 8.19 Installation of Software on Operational Systems
  • A 8.20 Network Security
  • A 8.21 Security of Network Services
  • A 8.22 Segregation of Networks
  • A 8.23 Web Filtering
  • A 8.24 Use of Cryptography
  • A 8.25 Secure Development Life Cycle
  • A 8.26 Application Security Requirements
  • A 8.27 Secure System Architecture and Engineering Principles
  • A 8.28 Secure Coding
  • A 8.29 Security Testing in Development and Acceptance
  • A 8.30 Outsourced Development
  • A 8.31 Separation of Development, Test and Production Environments
  • A 8.32 Change Management
  • A 8.33 Test Information
  • A 8.34 Protection of Information Systems During Audit Testing

Book your demo

Whether you want a complete walkthrough of Hicomply, or just want to chat to our team about your needs — we’re here to help and guide you on your journey to information security compliance.

  • Learn how to simplify your certification process
  • Discover our built-in automations to improve efficiency
  • See how Hicomply can be tailored to your requirements