Risk & Compliance Engine
ISO 27001 Mapping
How TrustCyber maps findings to ISO/IEC 27001:2022 controls.
ISO/IEC 27001:2022 is the international standard for information security management systems (ISMS). TrustCyber maps your Microsoft 365 security posture to the 93 controls in Annex A of ISO 27001:2022, providing a gap analysis that can be used to support your ISO 27001 certification journey.
ISO 27001 Control Domains
| Domain | Controls | TrustCyber Coverage |
|---|---|---|
| Organizational Controls (5.x) | 37 controls | High |
| People Controls (6.x) | 8 controls | Medium |
| Physical Controls (7.x) | 14 controls | Low (physical not in scope) |
| Technological Controls (8.x) | 34 controls | High |
Note: Physical controls (Clause 7) are outside the scope of TrustCyber's Microsoft-focused analysis. For a complete ISO 27001 gap assessment, physical security controls should be assessed separately.
Using TrustCyber for ISO 27001 Certification
TrustCyber's ISO 27001 gap report can serve as evidence for your Statement of Applicability (SoA) and can be used to demonstrate control implementation to your certification auditor. The report includes control-by-control status (Implemented, Partially Implemented, Not Implemented) with supporting evidence from your Microsoft environment.