ISO 27001
ISO 27001:2022 continuous monitoring
All 93 Annex A controls. Continuous evidence collection against your ISMS scope.
93
Annex A controls covered under ISO 27001:2022
4
Annex A themes: Organizational, People, Physical, Technological
15m
Evidence collection cycle — continuous, not periodic
Coverage
Annex A control coverage
ISO 27001:2022 organizes 93 controls across four themes. Tenurex maps each to observable production system state.
Organizational
37
controls monitored
Policies, roles, access mgmt
Policies, roles, access mgmt
People
8
controls monitored
Training, screening, offboarding
Training, screening, offboarding
Physical
14
controls monitored
Physical access, media disposal
Physical access, media disposal
Technological
34
controls monitored
Auth, cryptography, monitoring
Auth, cryptography, monitoring
| Control | Description | Monitored by | Test type |
|---|---|---|---|
| 5.15–5.18 | Access control, identity management, authentication | Okta, AWS IAM, Google Workspace | Automated |
| 5.23 | Information security for use of cloud services | AWS Config, Azure AD | Automated |
| 6.1 | Screening of personnel | Rippling, BambooHR | Automated |
| 8.2 | Privileged access rights | AWS IAM, GitHub, Okta | Automated |
| 8.4–8.5 | Source code, authentication information | GitHub, GitLab | Automated |
| 8.15–8.16 | Logging, monitoring activities | AWS CloudTrail, Datadog, Splunk | Automated |
| 8.24–8.25 | Cryptography, secure development lifecycle | AWS Config, GitHub | Automated |
Ready to automate ISO 27001 evidence collection?
Talk to a compliance engineer and see Tenurex map your ISMS scope live.
Request ISO 27001 demo