ISO 27001 Certification and Continuous Improvement

ISO 27001 is the international benchmark for information security management systems. Basenorm centralises your ISMS: context, scope, risk treatment, Statement of Applicability, Annex A controls, internal audit and management review, all connected in one governance model.

Online ISMS for ISO 27001

What is an online ISMS for ISO 27001?

An online ISMS (Information Security Management System) for ISO 27001 is a software platform that centralises the Statement of Applicability, all 93 Annex A controls, risk assessments, internal audit programmes, management reviews and supporting evidence required by the ISO 27001:2022 standard. Instead of maintaining compliance in documents and spreadsheets, your team operates the ISMS as a living system, continuously tracking control ownership, implementation status and evidence freshness. Basenorm runs your ISO 27001 ISMS online, with every Annex A control mapped to its context in the Unified Control Library and connected to real data through the Governance Graph. This makes certification audits, surveillance audits and recertification straightforward — because readiness is maintained continuously, not rebuilt in the weeks before an audit.

ISMS Context, Scope and Risk Treatment

Document organisational context, ISMS scope, risk methodology and risk treatment plans, with clear ownership and evidence at every step.

  • Context of the organisation and interested parties
  • ISMS scope and boundaries
  • Risk assessment and risk treatment methodology
  • Risk treatment plan and acceptance criteria
  • Mapping to business services, assets and suppliers

Annex A Control Families

  • Organisational: 37 controls
  • People: 8 controls
  • Physical: 14 controls
  • Technological: 34 controls
  • ISO 27001:2022 total: 93 controls

ISMS Certification Cycle

  • Year 0: Initial certification audit
  • Year 1: Surveillance audit
  • Year 2: Surveillance audit
  • Year 3: Recertification audit

Annex A Controls and Statement of Applicability

Operate the Annex A control set (themes and 93 controls) through the Unified Control Library, with a living Statement of Applicability and continuous evidence.

  • ISO 27001:2022 Annex A with 93 controls in 4 themes
  • Statement of Applicability with justifications
  • Control implementation and ownership
  • Continuous evidence collection across systems and suppliers
  • Cross-mapping with NIS2, GDPR, BIO and SOC 2

Internal Audit, Management Review and Improvement

Run the ISMS performance cycle with internal audits, management reviews, corrective actions and continual improvement tied to real data from the Governance Graph.

  • Internal audit programme and findings management
  • Management review with performance metrics
  • Corrective actions and continual improvement
  • Readiness scoring between certification audits
  • Full audit trail for certification bodies

Risk Treatment Status (ISO 27005)

  • RSK-001 Unauthorised access: Mitigate, residual risk 4
  • RSK-002 Data loss: Transfer, residual risk 6
  • RSK-003 System downtime: Accept, residual risk 8

Summary: 12 treated, 5 in progress, 2 open

Ready to sustain your ISO 27001 ISMS?

Join organisations using Basenorm to operate ISO 27001 as a living ISMS with continuous evidence, mapped controls and an always-ready Statement of Applicability.

Frequently Asked Questions

Explore frequently asked questions about ISO 27001 and related compliance topics.