ISO/IEC 27001:2022 — Annex A 93 controls

ISO 27001 certification on a fixed timeline, defensible to your accredited auditor

Statement of Applicability, risk treatment plan, and Annex A control implementation. Stage-1 ready in 90 days for organisations with reasonable existing security maturity.

ISO 27001:2022 certified
Swiss-precision methodology
EU + Switzerland advisory experience

What you get in 90 days

Concrete deliverables, on a fixed timeline, with named outcomes per phase.

30 days

ISMS scope, risk assessment, governance

Approved ISMS scope statement, refreshed risk assessment with treatment plan, and a documented role assignment including ISMS owner and risk-owner roles.

60 days

SoA, control implementation, policy stack

Statement of Applicability covering all 93 Annex A controls with justifications, prioritised control implementation, and a documented policy stack signed off by management.

90 days

Internal audit, management review, Stage-1 ready

Internal audit completed with findings tracked to closure, formal management review held, and a confirmed Stage-1 audit date with the certification body.

Integration Method

Our Structured Approach to ISO 27001 Compliance

A proven four-phase framework to achieve and maintain ISO 27001 compliance with minimal risk and maximum efficiency.

1. Gap Analysis

2-4 weeks

Comprehensive assessment of your current information security state and identification of gaps against ISO 27001 requirements.

Weeks 1-4

2. Framework Implementation

8-12 weeks

Development and deployment of comprehensive ISMS framework with security controls, policies, and procedures.

Weeks 5-16

3. Operational Integration

4-6 weeks

Integration of ISMS processes into daily operations with staff training and workflow optimization.

Weeks 17-22

4. Certification Preparation

2-3 weeks

Final audit preparation, compliance documentation, and support through the certification process.

Weeks 23-25

Expected Outcomes

98%

First-time certification success rate

60%

Reduction in manual compliance effort through automation

75%

Faster risk assessment time with integrated tools

85%

Reduction in audit findings through proactive preparation

Frequently asked questions

The questions compliance leads ask us most about ISO 27001.

The 2022 revision restructured Annex A from 114 controls in 14 domains to 93 controls in 4 themes (Organizational, People, Physical, Technological). Eleven new controls cover topics like threat intelligence, cloud security, and secure coding. Organisations certified to 2013 must transition by 31 October 2025 — most surveillance audits during 2024-25 are de facto transition audits.

Ready to start? Book a 30-min scoping call.

We diagnose where you stand against the standard, scope the right engagement, and send a written brief within 48 hours.

Diagnose your gap against the standard in 30 min: live walkthrough on your call
Receive a written engagement brief in 48 hours: scope, timeline, fixed deliverables
Decide on terms before any work starts: no commitment until you sign