ISO 27001 Annex A Compliance Report

Overview

This report presents a technical assessment of your AWS environment against selected controls from ISO/IEC 27001:2013 Annex A, the internationally recognized standard for Information Security Management Systems (ISMS). Annex A defines a comprehensive set of security controls organized into multiple domains, from which organizations select and implement controls according to their specific risk landscape.

This assessment evaluates your environment against the following ISO 27001 Annex A controls:

Organization of Information Security

  • A.6.1.2 – Segregation of Duties
  • A.6.1.5 – Information Security in Project Management

Asset Management

  • A.8.1.1 – Inventory of Assets
  • A.8.1.2 – Ownership of Assets

Access Control

  • A.9.1.1 – Access Control Policy
  • A.9.1.2 – Access to Networks and Network Services
  • A.9.2.1 – User Registration and Deregistration
  • A.9.2.2 – User Access Provisioning
  • A.9.2.3 – Management of Privileged Access Rights
  • A.9.4.1 – Information Access Restriction
  • A.9.4.4 – Use of Privileged Utility Programmes
  • A.9.4.5 – Access Control to Program Source Code

Cryptography

  • A.10.1.1 – Policy on the Use of Cryptographic Controls
  • A.10.1.2 – Key Management

Operations Security

  • A.12.1.2 – Change Management
  • A.12.1.3 – Capacity Management
  • A.12.2.1 – Controls Against Malware
  • A.12.3.1 – Information Backup
  • A.12.4.1 – Event Logging
  • A.12.4.2 – Protection of Log Information
  • A.12.4.3 – Administrator and Operator Logs
  • A.12.5.1 – Installation of Software on Operational Systems
  • A.12.6.1 – Management of Technical Vulnerabilities
  • A.12.6.2 – Restrictions on Software Installation

Communications Security

  • A.13.1.1 – Network Controls
  • A.13.1.3 – Segregation in Networks
  • A.13.2.1 – Information Transfer Policies and Procedures
  • A.13.2.3 – Electronic Messaging

System Acquisition, Development, and Maintenance

  • A.14.1.1 – Information Security Requirements Analysis and Specification
  • A.14.1.2 – Securing Application Services on Public Networks
  • A.14.2.1 – Secure Development Policy
  • A.14.2.2 – System Change Control Procedures
  • A.14.2.3 – Technical Review After Platform Changes
  • A.14.2.4 – Restrictions on Changes to Software Packages
  • A.14.2.7 – Outsourced Development

Information Security Incident Management

  • A.16.1.1 – Responsibilities and Procedures
  • A.16.1.2 – Reporting Information Security Events

Information Security Aspects of Business Continuity

  • A.17.1.2 – Implementing Information Security Continuity
  • A.17.2.1 – Availability of Information Processing Facilities

Compliance

  • A.18.1.3 – Protection of Records
  • A.18.1.4 – Privacy and Protection of Personally Identifiable Information
  • A.18.1.5 – Regulation of Cryptographic Controls

The assessment covers many AWS services, including IAM, S3, CloudTrail, KMS, and Security Hub.

Upon completion, you will receive a detailed report identifying all passed and failed resources, along with actionable remediation steps to help you align your AWS environment with ISO 27001 Annex A technical controls.