ISO 27001:2022 Controls
Note
Controls not covered below are controls which cannot be fulfilled by Welkin. These include requirements such as:
- Your management team needs to regularly perform various risk analyses.
- You need to do background checks when recruiting.
- You need to activate multi-factor authentication in your Identity Provider.
- You need to have a policy on how to safely use USB sticks.
- Requirements which fall under the scope of the application.
ISO/IEC 27001:2022 is the latest version of the international standard for Information Security Management Systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.
ISO/IEC 27001:2022 is structured around a risk-based approach, where organizations must identify and mitigate security risks through a set of well-defined controls. These controls are detailed in Annex A, which includes 93 controls categorized into four key themes:
- Organizational Controls (37 controls) – Covering governance, policies, roles, and responsibilities, such as information security roles, supplier relationships, and threat intelligence.
- People Controls (8 controls) – Focused on human factors, including security awareness training, screening, and disciplinary processes.
- Physical Controls (14 controls) – Addressing physical security measures like access controls, equipment security, and environmental protections.
- Technological Controls (34 controls) – Covering cybersecurity measures such as encryption, identity management, and network security.
Welkin can help your organization implement some of these controls.
Important
Many ISO 27001:2022 controls apply to your organization. Being a product, Welkin cannot help you implement all of them. For example, "Annex A 6 People Controls" is something your HR department should be tasked with and is outside the scope of Welkin. Controls which are not mentioned below are outside the scope of Welkin as an application platform.
For Welkin Customers
Please get in touch with Elastisys for a mapping of controls to Welkin features, including evidence of implementation.