Information Security Management

ISO/IEC 27001:2022

The international standard for information security management systems.

93 Controls: Annex A
4 Themes: Org · People · Physical · Tech
Clause 6–10: Risk & Assurance
Global Standard: ISO/IEC Accredited

Overview

ISO/IEC 27001:2022 is the internationally recognized standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It specifies the requirements an organization must satisfy to gain certification — and the documentation evidence it must produce to demonstrate that its ISMS is operational, controlled, and continually improving.

The 2022 revision introduced 93 Annex A controls organized across four themes (Organizational, People, Physical, Technological), replacing the previous 14-domain structure. Documentation requirements span the full ISMS lifecycle: policy architecture, risk assessment and treatment, Statement of Applicability, management review, internal audit, and corrective action.

Key Requirements

What the standard requires you to document.

Clause 5 – Leadership

Information security policy, roles and responsibilities, organizational commitment documentation.

Clause 6 – Planning

Risk assessment methodology, risk register, Statement of Applicability (SoA), risk treatment plan.

Clause 7 – Support

Competence records, awareness documentation, communication plans, controlled documentation lifecycle.

Clause 8 – Operation

Operational planning, supplier security assessments, vulnerability management records.

Clause 9 – Performance

Internal audit programme, management review records, KPI tracking documentation.

Clause 10 – Improvement

Nonconformity records, corrective action tracking, continual improvement evidence.

ELDR Documentation

Templates and resources available from the Knowledge Hub.

Information Security Policy Suite (master policy + domain-specific policies)
Statement of Applicability (SoA) — all 93 Annex A controls with justification
Risk Assessment Report and Risk Register (ISO 27005 aligned)
Risk Treatment Plan with implementation status tracking
ISMS Management Review Template (Clause 9.3)
Internal Audit Programme and Evidence Checklists
Control Narrative Templates — all 4 themes, 93 controls
Evidence Traceability Matrix — Clause 6 through Clause 10
Request Access

Templates and implementation resources for ISO/IEC 27001:2022 are available through the ELDR Institute Knowledge Hub and via direct request.

Related Frameworks