Framework

ISO/IEC 27001:2022

Information security management system (ISMS) certification — covers 93 Annex A controls across four themes.

Owner: Compliance Team
Last reviewed: 2026-04-14

Scope in OneComply

  • /dashboard/iso27001 — ISMS overview.
  • /dashboard/iso27001/soa — Statement of Applicability generator.
  • /dashboard/iso27001/internal-audit — internal audit programme.
  • /dashboard/risk-register — ISO 27005-aligned risk methodology.

Typical Workflow

  1. Define ISMS scope — business units, locations, information systems.
  2. Adopt the risk methodology (likelihood × impact, appetite thresholds).
  3. Run risk assessment → risk treatment plan → Statement of Applicability.
  4. Implement controls; evidence each one via the Evidence module.
  5. Execute internal audit; record non-conformities and remediation.
  6. Management review → certification / surveillance audit package export.

Cross-Mapping

The Controls library tags each ISO 27001 Annex A entry against DORA, NIS2, and GDPR where the requirement overlaps, so one evidence artifact can close multiple gaps.
