Who it applies to
ISO/IEC 27001:2022 is the de facto baseline expected by enterprise customers, public-sector tenders and most insurance underwriters. The 93 Annex A controls are organised into Organisational, People, Physical and Technological control families.
What it requires
- A documented Information Security Management System (ISMS) with a risk treatment plan
- Annex A.5.7: threat intelligence
- Annex A.6.3: information security awareness, education and training
- Annex A.8.8: management of technical vulnerabilities
- Annex A.5.24 / A.5.27: incident management and learning from incidents
How Sandline helps
- Vulnerability management programme that satisfies A.8.8 with quarterly auditor-grade evidence
- Penetration testing as Annex A control validation
- Threat intelligence programme that satisfies A.5.7
- Awareness training (A.6.3) with role-specific labs and per-participant assessment
- Incident response evidence package for A.5.24 / A.5.27
