ISO/IEC 27001:2022
The global Information Security Management System standard, updated in 2022 with 93 Annex A controls in four themes.
Any organisation operating an ISMS and seeking accredited certification.
Safeguard maintains an ISO/IEC 27001:2022 certification covering its production environment.
What ISO 27001 actually requires.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
An ISMS with leadership, planning, support, operation, performance evaluation, improvement clauses.
Risk assessment and risk treatment plan.
Statement of Applicability covering 93 Annex A controls in 4 themes (organisational, people, physical, technological).
Internal audit and management review.
Pre-mapped controls. Continuous evidence.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
ISMS structure mapped to clauses 4–10.
93 Annex A control evidence with continuous attestation.
Statement of Applicability auto-generated and version-controlled.
Crosswalks to SOC 2, NIST CSF, PCI-DSS, and HIPAA to reuse evidence.
Artifacts your auditor accepts.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
ISMS scope statement.
Statement of Applicability (SoA).
Risk treatment plan.
Internal audit reports.
Annex A control evidence bundle.
One evidence base. Many regulators.
These frameworks share substantial control overlap with ISO 27001. Customers running one assessment typically satisfy the others with the same evidence base.
ISO/IEC 27017
Cross-jurisdictional
Cloud-specific extension to ISO 27002, covering controls for cloud customers and cloud service providers.
ISO/IEC 27018
Cross-jurisdictional
ISO standard for protection of PII in public clouds acting as PII processors.
ISO/IEC 27701
Cross-jurisdictional
Privacy Information Management System extension to ISO 27001 — the privacy ISO most commonly used as a GDPR/LGPD evidence anchor.
SOC 2 Type II
North America
The Trust Services Criteria attestation that has become the de-facto B2B SaaS security baseline globally.
NIST CSF 2.0
Cross-jurisdictional
The NIST Cybersecurity Framework version 2.0 — six functions (Govern, Identify, Protect, Detect, Respond, Recover) with broad global adoption.
Ready for ISO 27001?
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.