ISO/IEC 27001 — run your information security management system

ISO/IEC 27001 is the world's most widely adopted standard for an Information Security Management System (ISMS) — the framework enterprise customers, partners and regulators most often ask you to hold. The current edition, ISO/IEC 27001:2022, pairs the management-system clauses with the 93 controls of Annex A, reorganized into four themes: Organizational, People, Physical and Technological.

HAiCapita helps you implement those controls and assemble the evidence; the certificate itself is always granted by an accredited third-party certification body after their audit — never by us. We get you audit-ready.

What ISO/IEC 27001 covers

27001 follows the standard management-system shape (context, leadership, planning, support, operation, performance evaluation and improvement) applied to information security. At its core is a risk-driven approach: you assess information-security risks, select controls to treat them, and document them in a Statement of Applicability against Annex A. Annex A 2022 lists 93 controls across four themes — Organizational (37), People (8), Physical (14) and Technological (34) — with detailed implementation guidance in the companion ISO/IEC 27002:2022.

How HAiCapita helps

Adopt a pre-built ISO 27001:2022 Annex A control library and tailor it to your scope. Run gap analysis to see exactly where you stand and generate a Statement of Applicability. Map one control to the evidence that satisfies it — then reuse that same evidence across ISO 27017, ISO 27018, SOC 2 and the rest of your framework set. Collect evidence on a schedule or on demand — including screenshots and connector pulls — versioned with chain-of-custody in a tamper-evident (WORM) audit trail, and let an AI copilot draft policies and accelerate remediation.

One control set, many standards

Most organizations don't stop at 27001. Author a control once and crosswalk it to ISO/IEC 27017 (cloud security), ISO/IEC 27018 (PII in public cloud), SOC 2, the Egypt PDPL and the CBE Financial Cybersecurity Framework — so a single control and its evidence satisfy every standard it maps to, instead of duplicating the work per framework.

Sovereign — SaaS or fully air-gapped

Run your ISMS as multi-tenant SaaS in-region, or fully air-gapped on your own infrastructure with no external egress and no phone-home — the same platform either way, with entitlements from a locally verified signed license. Ideal for regulated, financial-sector and public-sector organizations in Egypt and the wider MENA region.

Frequently asked questions

Does HAiCapita certify my organization for ISO 27001?

No — and no software can. HAiCapita gets you audit-ready: it provides the Annex A control library, gap analysis, a Statement of Applicability and the evidence an auditor needs. The ISO/IEC 27001 certificate is issued by an accredited independent certification body after their audit.

What changed in ISO/IEC 27001:2022?

The 2022 edition reorganized Annex A from 114 controls in 14 domains into 93 controls across four themes — Organizational, People, Physical and Technological — and introduced 11 new controls (such as threat intelligence, secure coding and data leakage prevention). HAiCapita's control library reflects the current 2022 structure.

Can I map ISO 27001 controls to SOC 2 and other frameworks?

Yes. Controls are authored once and crosswalked across frameworks, so a single control and its evidence can satisfy ISO 27001, ISO 27017/27018, SOC 2 and the rest of your framework set at the same time — instead of running each program in a silo.

Is ISO 27001 available in an air-gapped deployment?

Yes. The full ISO 27001 capability runs in the fully air-gapped, on-premise deployment — no external egress, entitlements from a locally verified signed license — so your ISMS program data stays entirely within your jurisdiction.

Get ISO 27001 audit-ready with HAiCapita