ISO27001:2022
Implementation consulting and internal audit for information security management standard compliance.

We assist organizations in the implementation and improvement of their Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2022.
Adapting to ISO/IEC 27001:2022 guarantees the confidentiality, integrity and availability of information, reducing the risk of cyber-attacks and unauthorized access. It strengthens customer and partner trust, complies with regulations such as GDPR and improves risk management and incident response.
ISO/IEC 27001:2022 Annex A Controls
Annex A of ISO/IEC 27001:2022 contains 93 controls organized into 4 main themes reflecting a modern approach to information security:
Organizational controls
Include aspects such as:
- Information security policies.
- Management of roles and responsibilities.
- Protection against internal threats.
- Security in relations with third parties.
Controls for HR
They focus on personnel management and training, and include:
- Information security education and awareness.
- Hiring and termination processes.
Technological controls
Aimed at technical and operational security:
- Access management.
- Protection against malware.
- Backup copies.
- Security in communications and data transfer.
Physical controls
Ensure the protection of facilities, equipment and environments:
- Physical access control.
- Environmental safety.
What does our service consist of?
Initial diagnosis
We conduct a detailed analysis of the organization's current situation in terms of information security management. This includes identifying gaps between the current state and the requirements of ISO/IEC 27001:2022.
ISMS design and implementation
We help design an ISMS tailored to the specific needs of the organization, including:
- Definition of the scope of the ISMS.
- Development of policies, procedures and controls.
- Risk management based on a detailed analysis of threats, vulnerabilities and impacts.
- Implementation of security controls according to Annex A of the standard.
Training and awareness
Training for employees and managers to ensure they understand their roles within the ISMS and are prepared to comply with the security measures.
Internal audit and continuous improvement
We conduct internal audits to assess ISMS compliance with ISO/IEC 27001:2022 and provide a report with findings, non-conformities and recommendations for continuous improvement.
Preparation for certification
We assist in the selection of a certification body and provide support in the certification audit.
With our audits, we help your company comply with legal and technical requirements, maximizing your reliability and ensuring full compliance with the eIDAS regulation.

We offer
- Implementation consulting and internal audit:
  - We train and support the organization in complying with the standard.
  - We use an ISO27001:2022 management tool that reduces implementation and documentation time by 60-70%.
  - We issue the internal audit report.
- Certification support:
  - We assist with the final certification and accompany the work with the certifying company.
  - We collaborate on any corrections needed until the final certification seal is obtained.
  - We will accompany the renewal in successive years.