FRAMEWORK · ISO 27001

ISO/IEC 27001:2022.
Certification with less manual effort.

A voluntary international standard, increasingly required by B2B clients, tenders, insurance and corporate compliance. Itamite automatically covers 30+ Annex A controls related to endpoints, configuration and monitoring.

Why certify?

ISO 27001 is the most internationally recognized information security management standard. Certification demonstrates to clients, partners and regulators that your organization has a mature, documented and audited Information Security Management System (ISMS).

Typical cases where you need it: large B2B tenders (more companies require it from suppliers), opening up international markets, sectoral regulatory compliance (healthcare, finance), reducing cybersecurity insurance premiums, and due diligence in M&A operations.

ANNEX A — COVERED CONTROLS

ISO 27001:2022 controls ↔ Itamite mapping

The 2022 version reorganized the controls into 4 themes: People, Physical, Technological, Organizational.

A.5 — Organizational controls (partial)

A.5.7 Threat intelligence (EDR integration). A.5.10 Acceptable use of information and assets. A.5.16 Identity management. A.5.17 Authentication information. A.5.18 Access rights. A.5.23 Cloud services security. A.5.30 ICT continuity. A.5.36 Policy compliance.

A.8 — Technological controls (main focus)

A.8.1 End user devices. A.8.2 Access privileges. A.8.3 Information access restriction. A.8.5 Secure authentication. A.8.7 Malware protection. A.8.8 Technical vulnerability management. A.8.9 Configuration management. A.8.10 Information deletion. A.8.11 Data masking. A.8.12 DLP. A.8.13 Backup. A.8.15 Logging. A.8.16 Monitoring activities. A.8.17 Clock synchronization. A.8.19 Authorized software. A.8.20-A.8.23 Network security. A.8.24 Cryptography use. A.8.25-A.8.28 Secure development and testing. A.8.32 Change management.

ISO 27001 PROCESS

The path to certification

01

Scope definition

You decide which part of your organization to certify (all, a BU, a service). Itamite provides the complete inventory of the scope.

02

Gap analysis and remediation plan

Compare your current state with the Annex A controls. Itamite gives you a real-time picture of what is technically covered.

03

ISMS implementation

Mandatory documentation: IS policy, statement of applicability (SoA), risk analysis methodology, procedures. Itamite covers the technical evidence of applied controls.

04

Internal audit and management review

A mandatory pre-audit by an internal team or a consultant. When everything is ready, the certifier performs the external Stage 1 audit (documentary) and the Stage 2 audit (operational).

05

Certification and maintenance

If the audit is favorable, you receive a certificate valid for 3 years, with annual surveillance audits and recertification at the end of the three-year period. Itamite maintains continuous evidence for those audits.

FAQ

ISO 27001 questions

How much does certification cost?
Typical cost: €15,000-40,000 for the first certification (consultancy + audit), plus €5,000-15,000 for annual maintenance. Itamite reduces the consultancy cost because you already provide automated technical evidence.

How long does certification take?
Typically 9-15 months from project start to certificate. With Itamite already in production: 6-9 months (you shorten the technical control implementation phase).

Which certification bodies issue it?
Accredited in Spain by ENAC: AENOR, Bureau Veritas, DNV, SGS, Lloyd's, TÜV Rheinland, BSI, LRQA. Compare prices and timelines. Some have a sectoral specialization (e.g. health, defense).

Does ISO 27001 cover GDPR?
Indirectly. ISO 27001 covers information security in general; GDPR is specific to personal data. There is a derived standard (ISO 27701), specific to privacy management, that extends ISO 27001 with GDPR requirements.

Is Itrion Software certified?
The external audit is scheduled for Q3 2026. There is a public commitment to obtain ISO 27001:2022 certification before the end of the year. Process documentation is available for Enterprise clients.

About to start your ISO 27001 project?

See a demo of how Itamite reduces the technical control implementation work by 50%.