Skip to main content

ISO 27001 Compliance with Gover

ISO 27001 is the international standard for information security management systems (ISMS).

Overview

Attribute	Value
Full Name	ISO/IEC 27001:2022
Type	International Standard
Publisher	ISO/IEC
Certification	Available through accredited bodies

Structure

Main Clauses (4-10)

Context of the organization
Leadership
Planning
Support
Operation
Performance evaluation
Improvement

Annex A Controls

93 controls organized in 4 themes:

Organizational controls (37)
People controls (8)
Physical controls (14)
Technological controls (34)

Key Requirements

ISMS Requirements

Define scope
Create an information security policy
Risk assessment
Risk treatment
Statement of Applicability (SoA)
Continuous improvement

Annex A Control Domains

Domain	Controls
A.5 Organizational	Policies, roles, responsibilities
A.6 People	Screening, awareness, training
A.7 Physical	Security areas, equipment, utilities
A.8 Technological	Access control, cryptography, operations

Using Gover for ISO 27001

1. Add the Framework

Go to Frameworks → Add Framework
Select ISO 27001:2022 from templates
Add to your workspace

2. Define Your Scope

Document your ISMS scope:

Organizational boundaries
Information assets
Locations
Technologies

3. Perform Risk Assessment

Use Gover's risk management:

Identify information security risks
Assess likelihood and impact
Determine risk levels
Plan treatment actions

4. Create Statement of Applicability (SoA)

Map controls to requirements:

Mark applicable controls
Document justification for exclusions
Map to implemented controls

5. Implement Controls

For each Annex A control:

Create or map existing controls
Map evidence documents
Assign owners
Track implementation

Certification Journey

Recommended Approach

Gap Analysis — Assess current state against ISO 27001
Risk Assessment — Identify and assess risks
Control Implementation — Address gaps
Documentation — Create required documents
Internal Audit — Verify compliance
Certification Audit — External assessment

Key Documents

Document	Purpose
ISMS Policy	High-level information security commitment
Risk Assessment	Documented risk analysis
Statement of Applicability (SoA)	Control applicability
Risk Treatment Plan	How risks are addressed
Internal Audit Reports	Audit findings

Resources

Next Steps

Risk Management — Implement risk processes
Controls — Manage your controls

Overview
Structure
- Main Clauses (4-10)
- Annex A Controls
Key Requirements
- ISMS Requirements
- Annex A Control Domains
Using Gover for ISO 27001
Certification Journey
Recommended Approach
Key Documents
Resources
Next Steps