ISO 27001 certification
ISO 27001 is the globally recognized proof that your security is managed properly. Scadable builds the management system and gets you ready for the certification audit.
What is ISO 27001?
ISO/IEC 27001 is the international standard for an Information Security Management System (ISMS): a documented, risk-based system for managing security across your organization, not a one-off checklist.
Annex A controls
The 2022 revision groups 93 controls into four themes: organizational, people, physical, and technological. Which ones apply is decided through your risk assessment and treatment plan, and every Annex A control is recorded in a Statement of Applicability, with a justification for including or excluding it.
The certification process
Implement the ISMS, run an internal audit and a management review, then pass a two-stage external audit (a Stage 1 documentation review and a Stage 2 implementation audit) by an accredited certification body. The certificate is typically valid for three years, with annual surveillance audits and a recertification audit before it expires.
Who needs ISO 27001?
Companies selling internationally, into the EU, or to enterprise and government buyers. It is a common requirement in vendor due diligence.
How Scadable gets you there
Scadable stands up the ISMS, maps and fixes the technical controls, maintains the evidence on an ongoing basis, and lines up the accredited auditor.
Frequently asked questions
- Is ISO 27001 a certification?
- ISO 27001 itself is a standard, but organizations can be certified against it. The certificate is issued by an accredited certification body after a two-stage audit.
- How many controls are in ISO 27001:2022?
- There are 93 Annex A controls across four themes.
- How long is an ISO 27001 certificate valid?
- Usually three years, with annual surveillance audits in between and a recertification audit before it expires.
- ISO 27001 vs SOC 2?
- ISO 27001 is a certifiable international standard for an ISMS; you receive a certificate. SOC 2 is a US attestation framework from the AICPA; you receive an auditor's report (Type I or Type II) on your controls against the Trust Services Criteria. Many companies pursue both for different markets.