ISO/IEC 27001:2022 - Information Security Management Systems
Certifiable standard for information security management. Together with Annex A:2022 (93 controls organised in 4 themes: organisational, people, physical, technological), it is the benchmark most often required in tenders, enterprise contracts and supply chains.
- 01 Definition of the Statement of Applicability (SoA) and scope
- 02 Documented risk assessment and risk treatment plan
- 03 Implementation of applicable Annex A controls
- 04 Internal audit, management review and continuous improvement
- 05 Technical controls: A.8 (Technological), including A.8.7 malware protection, A.8.8 vulnerability management, A.8.16 monitoring activities
MON5 provides objective technical evidence for many Annex A:2022 controls applied to the OT perimeter, usually the least covered area in an IT-focused ISMS. Continuous monitoring (A.8.16), vulnerability management (A.8.8), asset inventory (A.5.9) and network management (A.8.20-A.8.23) are documented automatically.
- A.5.9 Inventory of information and associated assets
- A.8.8 Management of technical vulnerabilities (CVE + EPSS)
- A.8.16 Monitoring activities on the OT network
- A.8.20-23 Network security and segregation (zones/conduits)
- Exportable reports as evidence for certification audits
Let's figure out what you really need.
Show us the OT perimeter and the regulations you need to cover: we will tell you what MON5 documents directly, where complementary work is needed, and which tier to start from - no hard selling.