title: ISO 27001

ISO 27001 Compliance

ISO/IEC 27001 is the international standard for information security management systems (ISMS). Vigo maps 33 Annex A controls across 11 of the 14 Annex A control domains. The identifiers on this page follow the ISO/IEC 27001:2013 Annex A numbering (A.5 to A.18); the 2022 revision regroups the same controls under different identifiers, so read the numbers below as 2013 references when mapping to a 2022 audit.

Coverage Summary

Domain   Name                                   Controls
A.5      Information Security Policies          1
A.6      Organization of Information Security   1
A.8      Asset Management                       2
A.9      Access Control                         7
A.10     Cryptography                           2
A.12     Operations Security                    9
A.13     Communications Security                2
A.14     System Acquisition/Development         2
A.16     Incident Management                    3
A.17     Business Continuity                    1
A.18     Compliance                             3
         Total                                  33

Quick Start

# Install the ISO 27001 module configs (shipped as *.vgo.example) into the stockpile
cp example-configs/stockpile/modules/compliance/iso-27001/*.vgo.example /srv/vigo/stockpile/modules/
# Strip the .example suffix; note that mv overwrites any iso-*.vgo already present
for f in /srv/vigo/stockpile/modules/iso-*.vgo.example; do mv "$f" "${f%.example}"; done
# Role definitions that bind nodes to compliance roles
cp example-configs/stockpile/compliance-roles.vgo.example /srv/vigo/stockpile/compliance-roles.vgo

Assign the iso-27001 role to nodes:

envoys:
  - match: "*.example.com"
    roles: [iso-27001]

Then publish and verify: vigocli config publish && vigocli report iso27001
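The Quick Start's copy-and-rename steps, written as a reusable installer. This is an added example and not part of Vigo or its example-configs; it assumes only what the Quick Start shows, namely that module configs ship as *.vgo.example and are picked up once renamed to *.vgo. The function name, its arguments, the force switch and the return codes are this example's own conventions. Unlike plain cp and mv it refuses to clobber a *.vgo that is already in the stockpile, and it reports when the source directory holds no example files at all.

```shell
#!/bin/sh
# Added example (not Vigo's own tooling): install ISO 27001 example module
# configs into the stockpile without overwriting configs already in place.
#
# Usage: install_iso_examples SRC_DIR DEST_DIR [force]
#   Copies every SRC_DIR/*.vgo.example to DEST_DIR/*.vgo (suffix stripped).
#   Returns 0 on success, 1 if SRC_DIR holds no *.vgo.example files,
#   2 if a destination *.vgo already exists and 'force' was not given.
#   The 'force' switch and the return codes are assumptions of this example.

install_iso_examples() {
    src="$1"
    dest="$2"
    force="${3:-}"
    installed=0

    [ -d "$dest" ] || mkdir -p "$dest"

    for example in "$src"/*.vgo.example; do
        # An unmatched glob stays literal in POSIX sh; skip that case.
        [ -e "$example" ] || continue
        name=$(basename "$example" .example)   # iso-foo.vgo.example -> iso-foo.vgo
        target="$dest/$name"
        if [ -e "$target" ] && [ "$force" != "force" ]; then
            echo "refusing to overwrite existing $target (pass 'force' to replace it)" >&2
            return 2
        fi
        cp "$example" "$target"
        installed=$((installed + 1))
    done

    if [ "$installed" -eq 0 ]; then
        echo "no *.vgo.example files found in $src" >&2
        return 1
    fi
    echo "installed $installed module config(s) into $dest"
    return 0
}

# Number of *.vgo configs present in a directory, to confirm the result.
count_vgo() {
    n=0
    for f in "$1"/*.vgo; do
        [ -e "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Run directly with arguments to install from the repo's example directory, e.g.
#   sh install-iso.sh example-configs/stockpile/modules/compliance/iso-27001 /srv/vigo/stockpile/modules
if [ "$#" -ge 2 ]; then
    install_iso_examples "$1" "$2" "$3"
fi
```

After the installer has run, continue with the compliance-roles.vgo copy, the role assignment and vigocli config publish exactly as in the Quick Start; the installer replaces only the first two lines of it.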

Generating Reports

vigocli report iso27001
vigocli report iso27001 --format html --output iso27001-report.html

Cross-Reference

Nearest equivalents for a selection of the mapped controls in NIST SP 800-53, the SOC 2 Trust Services Criteria and the HIPAA Security Rule; this is a sample, not the full 33-control mapping:

ISO 27001   NIST SP 800-53   SOC 2   HIPAA Security Rule
A.9.2.1     AC-2             CC6.2   164.312(a)(2)(i)
A.9.2.3     AC-6             CC6.3   164.312(a)(1)
A.10.1.1    SC-13            CC5.2   164.312(a)(2)(iv)
A.12.1.2    CM-3             CC8.1   164.312(e)(2)(i)
A.12.4.1    AU-2             CC7.3   164.312(b)

Controls Not Covered

The following Annex A domains are not mapped: their controls are organizational or physical processes that cannot be verified by checking node configuration, so evidence for them has to come from outside Vigo:

  • A.7 (Human Resource Security) — HR policies
  • A.11 (Physical and Environmental Security) — data center access
  • A.15 (Supplier Relationships) — vendor management