✦ Now open for early access — South Africa's first unified governance intelligence platform.Request access →
Back to Frameworks
InfoSec Standard
ISO 27001
The international standard for information security management systems (ISMS).
ISO/IEC 27001:2022113 controls (Annex A)ISMS frameworkGlobally recognised

The requirements

ISO 27001 is the world's most widely adopted information security management standard. It provides a systematic approach to managing sensitive information, ensuring it remains secure. Certification requires establishing, implementing, maintaining, and continually improving an ISMS. Encircle tracks your readiness — a certified auditor issues the certificate.

ISMS Scope & Context
Defining the scope of your information security management system, internal and external issues, stakeholder needs
Risk Assessment & Treatment
Identify information security risks, assess likelihood and impact, select and implement controls
Information Security Policy
Board-approved IS policy, objectives, roles and responsibilities — communicated across the organisation
Asset Management
Information asset inventory, classification, handling procedures, acceptable use policies
Access Control & Identity
Access management policy, user provisioning and deprovisioning, privileged access management
Incident Management
Security incident response plan, detection, reporting, escalation, and post-incident review procedures

Mapped in Encircle

This framework contributes to the following governance domains in your Encircle score:

D03 RiskD04 ComplianceD08 TechnologyD09 AI & Data
How Encircle maps this framework

Encircle maps ISO 27001:2022's mandatory clauses (4–10) and Annex A controls to D08 Technology and D03 Risk domains. Your ISO 27001 readiness score is tracked in real time. Each missing control generates an assigned task with a template where available. The Evidence Register tracks all 113 Annex A control evidence items.

Your certification journey
Assessed. Ready. Certified.

Encircle scores every gap, generates your remediation tasks, and tells you when your evidence is complete. Your accredited ISO 27001 auditor then issues your certificate.

01
Score
Encircle maps every ISO 27001 requirement and scores your current readiness across all applicable domains.
02
Remediate
Auto-generated tasks close every gap. Upload evidence once — it satisfies multiple frameworks simultaneously.
03
Ready ✓
Encircle tells you when your evidence meets every requirement. Your readiness score hits the threshold.
04
Certify
An accredited ISO 27001 auditor from the Encircle Network conducts your formal audit and issues your certificate.
← Encircle (steps 1–3)
Your accredited auditor (step 4) →
Find an accredited ISO 27001 auditor

Your ISO 27001 readiness score

Encircle tells you when you are ISO 27001 Ready — meaning your evidence satisfies all mandatory ISMS clauses and selected Annex A controls. Encircle connects you with an accredited ISO 27001 auditor from the Encircle Network when you're ready to pursue certification.

Ready to track your ISO 27001 readiness?

Request early access and get your ISO 27001 score in your first session.

Early Access

Tell us about your organisation.

We’re onboarding early-access clients before our public launch. Share your details and we’ll be in touch to get you set up first.

Early sign-on offer
Early access clients receive 25% off Implementation Support — our guided onboarding service. Offer applies to all requests submitted before platform launch.
Encircle AI
Always on — your governance advisor
Hi — I'm Encircle AI, your always-on governance advisor. I know your score, your gaps, and your frameworks. What would you like to work on?