ISO 27001:2022 Annex A has 93 controls β but it's the technical ones (the 'Technological' theme) where auditors want actual evidence, not just a policy. We map them against your GitHub and attack surface and show where you stand.
Run a free domain scan All checks βWe map the technical Annex A controls (the A.8 theme) to measurable reality: access restriction (A.8.2β8.5), protection against malware and vulnerabilities (A.8.7β8.8), secure development and change management (A.8.25β8.32), backup (A.8.13) and network security (A.8.20β8.23).
ISO 27001 certification often stumbles on the gap between the Statement of Applicability and actual technical evidence. A control marked 'implemented' but not demonstrable in practice is a nonconformity β we provide the provable status per control.
Do you cover all 93 controls?
We focus on the technical ones (the A.8 theme) where evidence is measurable. The organisational, people and physical controls are outside the technical review.
Does this replace a certification auditor?
No β we provide the technical evidence that makes the audit smoother. The certificate is issued by an accredited body.
2013 or 2022?
We map to ISO 27001:2022 Annex A (the new structure with 93 controls in four themes).
Run a free scan or order a full Security Assessment β prioritised, not noise.
Run a free domain scan