Install: claude install-skill roodlicht/accans-sec-skills
# ISO 27001 Mapper
> **Disclaimer**: this skill supports technical and organizational implementation, not legal or certification advice. Final certification is an independent auditor's judgement; this skill helps you prepare but does not replace an accredited auditor.
## When to use
ISO/IEC 27001:2022 is the international certifiable standard for an Information Security Management System (ISMS). The 2022 revision replaces the 2013 edition with a revised Annex A (113 → 93 controls, regrouped into four themes). This skill helps with ISMS setup, control mapping, and Stage 1/Stage 2 audit preparation.
Triggers on:
- A question like "set up an ISO 27001 trajectory", "what goes in the SoA", "which controls for our scope", "prepare for Stage 2 audit", "gap against the 2022 revision".
- An organization considering certification or already in a certification cycle (annual surveillance, 3-yearly recertification).
- A handoff from `nis2` or `dora`: both demand an ISMS and Annex A covers their technical-measures layer.
- A question from a `soc2` context about mapping or dual-attestation strategy.
- A customer contract requirement: "you must be ISO 27001".
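The "what goes in the SoA" and "gap against the 2022 revision" triggers above both come down to the same mechanical check an auditor performs on a Statement of Applicability: every Annex A control is listed, each inclusion or exclusion is justified, and applicable controls trace back to a treated risk. The script below is an added example, not part of this skill's own code; the `ANNEX_A` dictionary is a constructed six-control subset of the 93 real controls (the ids and titles are the 2022 ones), the `SoaRow` shape and the `VALID_STATUS` vocabulary are assumptions, and `SAMPLE_SOA` is constructed test data with deliberate gaps.

```python
"""SoA completeness check against ISO/IEC 27001:2022 Annex A (added example)."""
from dataclasses import dataclass

# Constructed subset of Annex A (2022): control id -> (theme, title).
# The full annex has 93 controls across these four themes; only six are listed here.
ANNEX_A = {
    "A.5.1": ("Organizational", "Policies for information security"),
    "A.5.7": ("Organizational", "Threat intelligence"),
    "A.6.3": ("People", "Information security awareness, education and training"),
    "A.7.4": ("Physical", "Physical security monitoring"),
    "A.8.9": ("Technological", "Configuration management"),
    "A.8.24": ("Technological", "Use of cryptography"),
}

# Assumed implementation-status vocabulary for applicable controls.
VALID_STATUS = {"implemented", "partial", "planned"}


@dataclass
class SoaRow:
    """One line of the SoA (assumed shape, not a standard-defined format)."""
    control: str
    applicable: bool
    justification: str = ""      # why included, or why excluded: always required
    status: str = ""             # one of VALID_STATUS when applicable, else empty
    risks: tuple = ()            # risk-register ids this control treats (Cl 6.1.3)


def validate_soa(rows, catalogue=ANNEX_A):
    """Return a list of audit findings; an empty list means the SoA is consistent."""
    findings = []
    seen = set()
    for r in rows:
        if r.control in seen:
            findings.append(f"{r.control}: duplicate row")
        seen.add(r.control)
        if r.control not in catalogue:
            findings.append(f"{r.control}: not an Annex A 2022 control id")
            continue
        if not r.justification.strip():
            findings.append(f"{r.control}: missing justification")
        if r.applicable:
            if r.status not in VALID_STATUS:
                findings.append(f"{r.control}: invalid status {r.status!r}")
            if not r.risks:
                findings.append(
                    f"{r.control}: applicable control is not linked to any risk-register entry")
        elif r.status or r.risks:
            findings.append(f"{r.control}: excluded control carries status or risk links")
    # Every Annex A control must appear in the SoA, whether applicable or not.
    for cid in catalogue:
        if cid not in seen:
            findings.append(
                f"{cid}: absent from SoA (every Annex A control must be listed, applicable or not)")
    return findings


def coverage_by_theme(rows, catalogue=ANNEX_A):
    """Map theme -> (applicable count, catalogue count) for the Stage 1 overview."""
    summary = {}
    for cid, (theme, _title) in catalogue.items():
        applicable, total = summary.get(theme, (0, 0))
        summary[theme] = (applicable, total + 1)
    for r in rows:
        if r.applicable and r.control in catalogue:
            theme = catalogue[r.control][0]
            applicable, total = summary[theme]
            summary[theme] = (applicable + 1, total)
    return summary


# Constructed sample SoA with deliberate defects: A.6.3 lacks a justification,
# A.8.24 is not tied to a risk, A.9.9 is not a 2022 control, and A.8.9 is missing.
SAMPLE_SOA = [
    SoaRow("A.5.1", True, "Required by Cl 5.2; policy set approved by management",
           "implemented", ("R-01",)),
    SoaRow("A.5.7", True, "Treats R-03 (late awareness of exploited vulnerabilities)",
           "planned", ("R-03",)),
    SoaRow("A.6.3", True, "", "implemented", ("R-05",)),
    SoaRow("A.7.4", False, "No own premises; fully remote organization using hosted data centres"),
    SoaRow("A.8.24", True, "Encryption of customer data at rest and in transit", "implemented"),
    SoaRow("A.9.9", True, "Copied from the 2013 SoA", "implemented", ("R-02",)),
]

if __name__ == "__main__":
    for finding in validate_soa(SAMPLE_SOA):
        print("FINDING:", finding)
    for theme, (app, total) in coverage_by_theme(SAMPLE_SOA).items():
        print(f"{theme}: {app}/{total} applicable")
```

In a real engagement the `ANNEX_A` table would hold all 93 controls and the rows would be read from the organization's SoA spreadsheet; the checks stay the same, and the risk-link finding is the one that most often surfaces during Stage 1, because a control that treats no registered risk has no documented reason to be in scope.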
### When NOT (handoff)
- EU regulatory compliance (NIS2, DORA, AVG) → the relevant skills. ISO 27001 helps but is not legally required.
- SOC 2 Type II → `soc2`. Lots of overlap in controls, different audit model.
- Risk-assessment methodology → `risk-register`. ISO 27001 demands risk management (Cl 6.1, 8.2-8.3); the methodology lives in th