CapGRC
All solutions
ISO 27001

ISO 27001, Achieve and maintain your certification with CapGRC

From gap analysis to certification, CapGRC helps you structure your ISMS and track Annex A controls with evidence.

What ISO 27001 requires

ISO 27001 defines requirements for an Information Security Management System (ISMS). CapGRC supports you in structuring and maintaining your certification program.

01

Management system (ISMS)

Establish a documented and structured ISMS.

02

Risk analysis

Conduct a methodical and documented risk analysis.

03

Annex A controls

Implement and track the 93 Annex A controls (2022 version).

04

Statement of Applicability (SoA)

Produce and maintain an up-to-date SoA.

05

Internal audits

Conduct regular internal ISMS audits.

06

Management review

Conduct periodic management reviews.

How CapGRC responds

RequirementCapGRC feature
ISMSAuthoritative documents, ISMS policies and documentation
Risk analysisCapRISK module, Register and assessment methodology
Annex A controlsCapCOM module, ISO 27001 framework and control tracking
SoACapCOM module, Structure and track the Statement of Applicability
Internal auditsCapAUDIT module, Audit missions and recommendation follow-up

Recommended modules

Ready to ensure your ISO 27001 compliance?

Request a free consultation and discover how CapGRC can structure your compliance program.