ISO 27001
This collection is built for teams turning ISO 27001 from a certification project into an operating rhythm across policies, assets, risks, and internal audits.
What this collection helps you do
Stand up an ISMS with clear ownership and review cycles
Map risks and controls to Annex A without duplicate work
Prepare for internal audits and management review with less friction
Best for
Global teams formalizing an ISMS and aligning controls across multiple regions or business units.
Collection Articles
Browse the full set
11 resources in this collection
ISO 27001 2022 transition: evidence documentation auditors now expect
The 2022 revision restructured Annex A and added 11 new controls — here is what your auditor will actually ask for at the transition audit.
Building an ISO 27001 ISMS operating rhythm
ISO 27001 becomes manageable when you turn the ISMS into a review cadence instead of a one-time project.
ISO 27001 risk register structure that teams can maintain
A practical structure for keeping risk treatment visible without turning the register into an archive.
ISO 27001 statement of applicability template
A lightweight way to document which Annex A controls apply, why they apply, and how they are implemented.
ISO 27001 internal audit prep checklist
A checklist for making internal audits useful, repeatable, and less disruptive to operators.
How to scope your ISO 27001 ISMS as a Series B SaaS
Most Series B SaaS teams scope their ISMS too broadly, then spend months collecting evidence for systems that barely touch customer data — here is how to get the boundary right.
How to scope ISO 27001 ISMS for a Series B SaaS
Scoping your ISMS wrong is the fastest path to a failed audit — here is how to define defensible boundaries as your SaaS scales.
Setting ISO 27001 ISMS boundaries for a Series B SaaS
ISMS scope is the highest-leverage decision in your ISO 27001 journey — get it wrong and you spend months closing controls that never needed to be open.
ISO 27001 internal audit mistakes that trigger nonconformities
The gaps that become certification nonconformities are almost always visible in the internal audit first — here is what operators keep missing.
ISO 27001 mandatory documents: the audit evidence package auditors check first
Before an ISO 27001 auditor reviews your controls, they open a mandatory document checklist — here is what belongs in that package and what each item needs to contain.
ISO 27001 supplier security: what Annex A 5.19 audit evidence must include
Annex A 5.19 covers information security in supplier relationships — here is exactly what evidence an auditor expects to see and why gaps are so common.