ISO 27001

compliance

International standard for information security management systems with Annex A controls.

What is ISO 27001?

ISO/IEC 27001 is the international standard for establishing, implementing, maintaining, and improving an Information Security Management System (ISMS). It uses a risk-based approach—organizations identify risks and select appropriate controls from Annex A. Certification demonstrates to customers and partners that security is systematically managed.

In Microsoft 365

ISO 27001 Annex A controls map to Microsoft 365 security features. A.9 (Access Control) maps to Azure AD Conditional Access and RBAC. A.12 (Operations Security) maps to logging and monitoring. A.14 (System Acquisition) maps to application security controls.

Examples

  • A.9.4.2 - Secure log-on procedures
  • A.9.2.3 - Management of privileged access rights
  • A.12.4.1 - Event logging

Related TrueConfig Controls

TrueConfig controls related to ISO 27001 include CA-01, PA-01, PA-04, and LOG-01. These controls help implement and verify ISO 27001 in your Microsoft 365 environment.

Frequently Asked Questions

What is ISO 27001?
International standard for information security management systems with Annex A controls.
How does ISO 27001 work in Microsoft 365?
ISO 27001 Annex A controls map to Microsoft 365 security features. A.9 (Access Control) maps to Azure AD Conditional Access and RBAC. A.12 (Operations Security) maps to logging and monitoring. A.14 (System Acquisition) maps to application security controls.
What are examples of ISO 27001?
Examples of ISO 27001 Annex A controls include: A.9.4.2 - Secure log-on procedures, A.9.2.3 - Management of privileged access rights, A.12.4.1 - Event logging.
Which TrueConfig controls relate to ISO 27001?
TrueConfig controls related to ISO 27001 include: CA-01, PA-01, PA-04, LOG-01. These controls help implement and verify ISO 27001 in your environment.