ISO/IEC 27001:2022
ISO 27001 is the international standard for information security management. It defines requirements for establishing, implementing, maintaining, and continually improving an ISMS.
Key requirements
How Acuna helps
Map all 93 Annex A controls and Statement of Applicability within the Comply pane.
Assign control ownership, attach evidence, and track implementation status per control.
Run recurring checks, manage risks and treatment plans, maintain the risk register.
Prepare audit packs, track nonconformities, manage corrective actions.
FAQ
Acuna covers the full ISO 27001 lifecycle from scoping and control mapping in Comply, through implementation and evidence collection in Implement, to operational risk management in Operate, and audit preparation in Assure.
Yes. Acuna's cross-framework mapping eliminates duplicated work. Controls shared between ISO 27001, SOC 2, NIS2, and other frameworks are mapped once and reused.
Yes. Acuna is built for ISO/IEC 27001:2022, including the updated Annex A control set with 93 controls across 4 themes.
The SoA is managed directly in the Comply pane. Each Annex A control can be marked applicable or not applicable with a documented justification.
An Information Security Management System is the set of policies, procedures, and controls that manage information security risks. Acuna provides the operational platform to run your ISMS day to day.
Related answers
ISO 27001 is the international standard for information security management systems (ISMS). Published by ISO/IEC, it defines requirements for establishing, implementing, maintaining, and continually improving an ISMS. The 2022 revision includes 93 controls across four themes: organisational, people, physical, and technological. Certification requires an accredited external audit demonstrating that the ISMS meets all clause requirements and that selected Annex A controls are implemented and effective. Acuna supports the full ISO 27001 lifecycle from scoping through audit preparation.
GRC (Governance, Risk, and Compliance) is a broad management discipline covering how an organisation directs strategy, manages risk, and meets regulatory obligations across all domains. An ISMS (Information Security Management System) is a specific implementation of governance and risk management focused on information security, typically conforming to ISO 27001. An ISMS is one component within a wider GRC programme. Acuna is a GRC platform that supports ISMS management as one of its use cases alongside privacy, business continuity, supplier risk, and enterprise risk management.
The Statement of Applicability (SoA) is a mandatory document in ISO 27001 that lists all Annex A controls, states whether each is applicable or not applicable to the organisation's ISMS scope, provides justification for exclusions, and references the implementation status of each applicable control. The SoA is a key audit artefact — auditors use it to verify that control selection is risk-based and that excluded controls have documented rationale. In Acuna, the SoA is managed directly in the Comply pane with applicability markings and justification fields per control.
In Comply, each requirement can be marked Applicable or Not Applicable with a mandatory justification field. For ISO 27001, this produces the Statement of Applicability (SoA). Applicability decisions propagate downstream: when a requirement is marked not applicable, its linked measures and controls are excluded from coverage calculations. Auditors can filter the requirement list by applicability status and export the SoA as a versioned artefact. Changing applicability after initial marking is tracked in the audit trail with the user, timestamp, and reason for change.
Get access and our team will walk you through the ISO 27001 implementation in Acuna.