Question 1

What is ISO/IEC 27001:2022?

Accepted Answer

ISO/IEC 27001:2022 is the most widely recognized information security certification in the world. Unlike SOC 2 (a report), ISO 27001 is a certification — easier to communicate to non-US buyers, mandatory for EU public sector and many enterprises, increasingly cross-recognized with SOC 2. We build the ISMS once and use it for both.

Question 2

Who needs ISO 27001?

Accepted Answer

Companies selling into EU, UK, APAC, or Middle East Already-SOC-2 firms expanding internationally EU government contractors and critical infrastructure Companies preparing for ISO 42001 (which builds on 27001)

Question 3

How long does a ISO 27001 engagement take?

Accepted Answer

90 days to audit-ready. Stage 1 + Stage 2 audits typically scheduled at days 100 and 130.

Question 4

What do we get at the end?

Accepted Answer

Documented ISMS Statement of Applicability for all 93 Annex A controls Risk register with treatment plan Internal audit report Management review minutes

Question 5

Can ISO 27001 be combined with other frameworks?

Accepted Answer

Yes. We crosswalk overlapping controls so you don't pay twice — common combinations include SOC 2 + ISO 27001, HIPAA + SOC 2, and NIST AI RMF + ISO 42001.