ISO 27001 runs in the same data model as BCMS, DSMS and AIMS. Annex A maps once and feeds every audit. The ISMS is the start, not the destination.
ISO 27001:2022 Annex A controls pre-loaded
ISMS controls also feed BCMS, DSMS, AIMS evidence
Statement of Applicability generated, not assembled
KaitoSec scans your asset inventory, policies, and existing controls against the full ISO 27001:2022 Annex A control set. You get a prioritized remediation backlog on day one, not after weeks of consultant workshops.
Your SoA is generated automatically and updated in real time as controls are implemented or excluded. Auditors can access a read-only link directly, with no more spreadsheet exports or stale PDFs.
Ship a complete, ISO-aligned policy library in minutes using KaitoSec's template engine. Policies are version-controlled, linked to controls, and require explicit staff acknowledgement.
Every Annex A control has a dedicated workspace where you assign owners, attach evidence, and track implementation status. Progress rolls up to a certification readiness score visible to the whole team.
Link risks directly to controls and define treatment options: accept, mitigate, transfer, or avoid. KaitoSec enforces documented decisions and reminds owners when risk reviews are overdue.
Invite your certification body to a scoped, read-only view of your ISMS evidence. No data dumps, no email attachments, just a structured, always-current evidence package.
Built on open catalogs: BSI, MITRE, OWASP, ENISA