All types Page Article White Paper Download
Solutions The best route to security compliance
Hicomply Privacy™ ISO 27001 ISO 9001 ISO 14001 SOC 2 NHS DSPT NIST 800-53 Hicomply GRC™ Services & Customer Support
Platform A powerful suite of ISMS features
Dashboard ISMS Scoping Policy Management Risk Management Information Asset Management Task Management Integrations Hicomply for Enterprises Trust Centre Controls Monitor Hicomply AI
Resources Everything you need to know
Knowledge & Insights Resources Hub Case Studies Sectors Glossary News ROI Calculator
Knowledge Base Learn more about infosec
ISO 27001 Knowledge Base SOC 2 Knowledge Base NHS DSPT Knowledge Base PCI DSS Knowledge Base NIST 800-53 Knowledge Base DORA Knowledge Base
Company Security and customers first
About News Partners Contact

ISO 27001

ISO 27001, also known as ISO/IEC 27001:2022, is the international standard which is recognised globally for managing risks to the security of information you hold.

Quick Chat?

4.8/5

What is ISO 27001?

Certification to ISO 27001 allows you to prove to your clients and other stakeholders that you are managing the security of your information. ISO 27001:2022 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS).

Learn more about the ISO 27001 standard in our recorded webinar: ISO 27001: Starting the journey to business security.

Benefits of ISO 27001

Businesses who adhere to the ISO 207001 standard and maintain ISO 27001 compliance are more likely to experience the following benefits:

  • Win more B2B business and tenders
  • Open up new markets and sectors
  • Improve customer retention
  • Reduce time to complete tenders

Businesses also realize several ISO 27001 cybersecurity benefits, including the ability to:

  • Maintain the capacity to withstand cyber attacks
  • Be prepared for new threats
  • Ensure data integrity across the entire organisation

Who Needs ISO 27001?

Given the prevalence of cybercrime and data breaches across industries, organisations from every sector and of all sizes benefit from adhering to the ISO 27001 standard. IT industry organisations, for whom cybersecurity and data integrity are paramount, benefit especially from ISO 27001 compliance.

Achieve ISO 27001 with Hicomply

Managing ISO 27001 is time consuming and resource-heavy. If you can automate the administration as much as possible and have all staff self-serving their obligations within the Hicomply platform, then you free-up your ISO 27001 compliance team to focus on their core objectives. Hicomply out of the box provides you with everything you need to achieve ISO 27001 certification.

ISO 27001:2022 Requirements

4.1 Understanding the organisation and its context7.3 Awareness
4.2 Understanding the needs and expectations of interested parties7.4 Communication
4.3 Determining the scope of the information security management system (ISMS)7.5 Documented information
4.4 Information security management system (ISMS)8.1 Operational planning and control
5.1 Leadership and commitment8.2 Information security risk assessment
5.2 Information Security Policy8.3 Information security risk treatment
5.3 Organisational roles, responsibilities and authorities9.1 Monitoring, measurement, analysis and evaluation
6.1 Actions to address risk and opportunity9.2 Internal Audit
6.2 Information security objectives and planning to achieve them9.3 Management review
7.1 Resources10.1 Non-conformity and corrective actions
7.2 Competence10.2 Continual Improvement

ISO 27001:2022 Annex A Controls

Organisational Control

A 5.1 Information Security policiesA 5.20 Addressing Information Security Within Supplier Agreements
A 5.2 Information Security Roles and ResponsibilitiesA 5.21 Managing Information Security in the ICT Supply Chain
A 5.3 Segregation of DutiesA 5.22 Monitoring and Review and Change Management of Supplier Services
A 5.4 Management Responsibilities
A 5.23 Information Security for Use of Cloud Services
A 5.5 Contact With Government Authorities
A 5.24 Information Security Incident Management Planning and Preparation
A 5.6 Contact With Special Interest Groups
A 5.25 Assessment and Decision on Information Security Events
A 5.7 Threat Intelligence
A 5.26 Response to Information Security Incidents
A 5.8 Information Security in Project Management
A 5.27 Learning From Information Security Incidents
A 5.9 Inventory of Information and Other Associated Assets
A 5.28 Collection of Evidence
A 5.10 Acceptable Use of Information and Other Associated Assets
A 5.29 Information Security During Disruption
A 5.11 Return of Assets
A 5.30 ICT Readiness for Business Continuity
A 5.12 Classification of Information
A 5.31 Legal, Statutory, Regulatory and Contractual Requirements

A 5.13 Labelling of Information
A 5.32 Intellectual Property Rights
A 5.14 Information Transfer
A 5.33 Protection of Records
A 5.15 Access Control
A 5.34 Privacy and Protection of PII
A 5.16 Identity Management
A 5.35 Independent Review of Information Security
A 5.17 Authentication Information
A 5.36 Compliance With Policies, Rules and Standards for Information Security
A 5.18 Access Rights
A 5.37 Documented Operating Procedures
A 5.19 Information Security in Supplier Relationships

People Control

A 6.1 ScreeningA 6.5 Responsibilities After Termination or Change of Employment
A 6.2 Terms and Conditions of EmploymentA 6.6 Confidentiality or Non-Disclosure Agreements
A 6.3 Information Security Awareness, Education, and TrainingA 6.7 Remote Working
A 6.4 Disciplinary ProcessA 6.8 Information Security Event Reporting

Physical Control

A 7.1 Physical Security Perimeters

A 7.8 Equipment Siting and Protection

A 7.2 Physical Entry

A 7.9 Security of Assets Off-Premises
A 7.3 Securing Offices, Rooms and FacilitiesA 7.10 Storage Media
A 7.4 Physical Security MonitoringA 7.11 Supporting Utilities
A 7.5 Protecting Against Physical and Environmental ThreatsA 7.18 Cabling Security
A 7.6 Working In Secure AreasA 7.19 Equipment Maintenance
A 7.7 Clear Desk and Clear ScreenA 7.19 Secure Disposal or Re-Use of Equipment


Physical Control

A 8.1 User Endpoint DevicesA 8.18 Use of Privileged Utility Programs
A 8.2 Privileged Access RightsA 8.19 Installation of Software on Operational Systems
A 8.3 Information Access RestrictionA 8.20 Network Security
A 8.4 Access to Source CodeA 8.21 Security of Network Services
A 8.5 Secure AuthenticationA 8.22 Segregation of Networks
A 8.6 Capacity ManagementA 8.23 Web Filtering
A 8.7 Protection Against MalwareA 8.24 Use of Cryptography
A 8.8 Management of Technical VulnerabilitiesA 8.25 Secure Development Life Cycle
A 8.9 Configuration ManagementA 8.26 Application Security Requirements
A 8.10 Information DeletionA 8.27 Secure System Architecture and Engineering Principles
A 8.11 Data MaskingA 8.28 Secure Coding
A 8.12 Data Leakage PreventionA 8.29 Security Testing in Development and Acceptance
A 8.13 Information BackupA 8.30 Outsourced Development
A 8.14 Redundancy of Information Processing FacilitiesA 8.31 Separation of Development, Test and Production Environments
A 8.15 LoggingA 8.32 Change Management
A 8.16 Monitoring ActivitiesA 8.33 Test Information
A 8.17 Clock SynchronisationA 8.34 Protection of Information Systems During Audit Testing


ISO 27001 Downloads

Go further

Knowledge & Insights

Book your demo

Whether you want a complete walkthrough of Hicomply, or just want to chat to our team about your needs — we’re here to help and guide you on your journey to information security compliance.

  • Learn how to simplify your certification process
  • Discover our built-in automations to improve efficiency
  • See how Hicomply can be tailored to your requirements