ISO 27001:2022
ISO 27001 specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system. The 2022 version includes 93 controls organized into four themes.
Organizational Controls
37 controls
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control policies
People Controls
8 controls
- Screening and terms of employment
- Information security awareness and training
- Disciplinary process
- Responsibilities after termination
- Confidentiality agreements
Physical Controls
14 controls
- Physical security perimeters
- Physical entry controls
- Securing offices and facilities
- Equipment maintenance
- Secure disposal of equipment
Technological Controls
34 controls
- User endpoint devices
- Access rights management
- Secure authentication
- Malware protection
- Backup and cryptography
ISO 27701:2019
ISO 27701 is a privacy extension to ISO 27001 that provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). It helps organizations demonstrate compliance with privacy regulations like GDPR.
Privacy-Specific Governance
- Appointment of data protection officer (DPO)
- Privacy impact assessments (PIA)
- Records of processing activities
- Privacy by design and default
PII Controller Requirements
- Legal basis for processing
- Consent management
- Rights of data subjects (access, rectification, erasure)
- Data portability obligations
- Cross-border transfer restrictions
PII Processor Requirements
- Processing only on documented instructions
- Sub-processor management
- Assistance with data subject requests
- Notification of personal data breaches
- Deletion or return of PII
Benefits of ISO Certification
Global Recognition
ISO 27001 is internationally recognized, making it easier to do business globally.
Competitive Advantage
Certification demonstrates your commitment to security, differentiating you from competitors.
Regulatory Alignment
ISO 27001/27701 helps meet requirements of GDPR, HIPAA, and other regulations.
Risk Reduction
A systematic approach to identifying and managing information security risks.
The Certification Journey
Gap Analysis
Assess current state against ISO requirements
Implementation
Build and implement your ISMS/PIMS
Internal Audit
Verify effectiveness and address gaps
Certification Audit
External audit by accredited body
How Senticit Helps with ISO Certification
Our experienced consultants guide you through every phase of your ISO certification journey, from initial assessment to successful certification.
ISMS Implementation
We help you design and implement an Information Security Management System that meets ISO 27001 requirements.
PIMS Extension
For organizations handling personal data, we extend your ISMS with ISO 27701 privacy controls.
Risk Assessment
We conduct comprehensive risk assessments using ISO 27005 methodology to identify and prioritize security risks.
Control Implementation
Our team implements the technical and organizational controls required by Annex A of ISO 27001.
Internal Audits
We perform internal audits to verify your ISMS effectiveness and prepare you for certification audits.
Certification Support
We guide you through the certification process and coordinate with accredited certification bodies.