ISO 27001 is the closest thing security has to a universal handshake — every procurement team asks for it, every audit cycle resurfaces it, every enterprise contract references it. And every time it comes round, someone, somewhere is rebuilding the spreadsheet that maps it to their stack. As of today, ESProfiler customers don't have to. Map your entire security stack against ISO/IEC 27001:2022 in minutes.
What is ISO/IEC 27001?
Published jointly by ISO and IEC and most recently revised in October 2022, ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS). It's certifiable — meaning an accredited body can audit your controls and issue a certificate that customers, regulators, and procurement teams already know how to read.
The 2022 revision reorganised Annex A from 114 controls across 14 domains into a tighter set of 93 controls across four themes:
Organizational — 37 controls covering policy, governance, supplier relationships, and incident management
People — 8 controls focused on the human side: screening, training, remote work, NDAs
Physical — 14 controls for premises, equipment, and physical asset protection
Technological — 34 controls covering encryption, access control, secure development, and monitoring
Ownership is far easier to assign across the four themes than across the old 14 domains, but moving an existing control mapping over to the new structure is exactly the multi-week spreadsheet job most teams haven't enjoyed.
Why it matters for you
For security and compliance teams, ISO 27001 is the bridge between security work and business value. In practice that means:
A trust signal customers, partners, and regulators recognise instantly
A continuous improvement cycle (Plan-Do-Check-Act) baked into how you run security
A defensible baseline when an auditor, prospect, or insurer asks what "good" looks like
It's also the framework most likely to show up in your sales cycle, your insurance renewal, and your next M&A diligence pack — frequently all in the same quarter.
Map your stack in minutes — and see exactly where you stand
Mapping a security stack to a new framework by hand is usually a multi-week spreadsheet exercise. In ESProfiler, it isn't.
ISO/IEC 27001:2022 is now live alongside MITRE ATT&CK, MITRE F3, NIST CSF, the NIST AI RMF, and every other framework in the platform. Point ESProfiler at your existing tools and you'll see:
Coverage in minutes, not weeks — your stack mapped automatically across all 93 Annex A controls and the four themes
Gaps at a glance — the controls no tool in your environment addresses, surfaced and prioritised
Overlaps you're paying for twice — controls duplicated across vendors, ranked by spend
Whether you're prepping for your first certification or your fifth surveillance audit, the same engine cuts the mapping work from weeks to minutes.
Get started
If you're an existing customer, ISO/IEC 27001 is already live in your tenant — open the Frameworks view to start mapping.
If you're not, book a demo and we'll show you your ISO 27001 coverage gaps in the time it usually takes to schedule the kickoff meeting.