A Swiss Army Knife for ISO 27001:2022 Compliance

ISO standards may not always jump out as the most exciting of topics for dinner party conversation, but their growing importance in business cannot be denied. And this year it is well worth us talking about ISO 27001:2022 specifically (though perhaps not over dinner). It is expected that as many as 90,000* organisations might renew their certification or gain it for the very first time this year. The auditors will be busy!

For those who are renewing at the end of the three-year cycle, it is important to note that you will now be assessed under the newer 2022 standard specifications. This new version asks a lot more questions and is looking for conformity to a much more comprehensive framework.

ISO/IEC 27001:2022 Annex A introduced 11 brand new controls, merged 24 controls and revised 58 controls. These controls relate to some pretty hot topics including threat intelligence, information security for the use of cloud services, data leakage prevention, and the nitty-gritty of monitoring and web filtering. It was a welcome update and an appropriate reaction to the changes, risks, and threats faced by organisations in our increasingly digitising world.

I have heard some vendors enthusiastically making huge promises about the way their technology can ensure compliance, but when you are staring down the impending audit, such vague and excessive promises help no one. I will moderate my promises and provide specifics. Netskope One helps organisations comply with more than 70 of the controls required for certification, some fully and some partially. I know this because we have mapped it in detail. Imagine us as your cybersecurity Swiss Army knife for ISO 27001:2022 compliance with tools to help rationalise the standards.

Let’s briefly look into each of the four aspects from the framework.

The Organisational Backbone

Organisation-wide controls are the backbone of ISO 27001:2022, focused on the policies, procedures and responsibilities needed for effective information security. And for our customers, the Netskope Zero Trust Engine sits at the heart of all information security policies and controls, using threat intelligence, identity, access management and more to inform and enforce controls in the moment and track their acknowledgement. This unified approach empowers an organisation to pre-emptively address potential cybersecurity threats and helps them comply with 32 of the controls in this section of the framework. 

People Power

ISO 27001 recognises the importance of people within an organisation’s security posture, and Netskope’s tools currently help organisations comply with six of the controls in this section of the certification. Including the enablement of secure remote working solutions and customisable coaching messages specific to applications in use and policy infringements, helping educate users and reinforce organisational requirements in the moment to build a stronger cybersecurity culture.

Beyond the Physical to Technological

While Netskope’s technology can supplement the physical control requirements of ISO 27001:2022 (such as protecting physical media via a technical control) I am determined to keep our promise of providing realistic information about where our tech specifically enables organisations to fully align to the ISO standard. So I will focus here on what we do in the Technological section—where we help organisations comply with 30 of the controls from the security of network services, web filtering, application security, and data leakage prevention.

Wrapping Up

So, what’s the takeaway? Adapting to ISO/IEC 27001:2022 is more than a checkbox exercise—it’s about strengthening your defences for the digital age. And that’s the same ethos that we had in building Netskope One.

Curious to dive deeper? We’ve got just the thing. Download this guide that maps Netskope’s technology line by line, control by control, to the requirements of ISO 27001:2022. 

*Last year, more than 75,000 ISO 27001 certificates were handed out, with a whopping 20% global growth rate. If they see the same growth rate this year you would be looking at around 90,000 audits!