Compliance Framework
ISO/IEC 27001:2022
ISO 27001 is the international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive information, ensuring confidentiality, integrity, and availability through risk management and continuous improvement.
Audit In Progress
Coverage
100%
9 / 9 requirements
Controls Mapped
0
Security controls
Policies
15
Supporting policies
Scope
Information security management across all Mesta operations, covering organizational policies, technical controls, and risk management processes.
Framework Requirements
Organizational Controls
A.5.1 (satisfied)
Policies for Information Security
Information security policy and topic-specific policies should be defined, approved, published, and communicated.
A.5.2 (satisfied)
Information Security Roles and Responsibilities
Information security roles and responsibilities should be defined and allocated.
A.5.3 (satisfied)
Segregation of Duties
Conflicting duties and areas of responsibility should be segregated.
Technological Controls
A.8.1 (satisfied)
User Endpoint Devices
Information on user endpoint devices should be protected.
A.8.2 (satisfied)
Privileged Access Rights
The allocation and use of privileged access rights should be restricted and managed.
A.8.3 (satisfied)
Information Access Restriction
Access to information and other associated assets should be restricted.
A.8.5 (satisfied)
Secure Authentication
Secure authentication technologies and procedures should be implemented.
A.8.10 (satisfied)
Information Deletion
Information stored in information systems, devices or in any other storage media should be deleted when no longer required.
A.8.24 (satisfied)
Use of Cryptography
Rules for the effective use of cryptography should be defined and implemented.
Mapped Controls (0)
No controls mapped to this framework yet.
Supporting Policies
Information Security Policy
v2.1.0 • risk
Access Control Policy
v1.8.0 • access
Data Protection and Privacy Policy
v3.0.0 • data
Incident Response Policy
v1.5.0 • incident
Business Continuity and Disaster Recovery Policy
v1.3.0 • bcdr
Change Management Policy
v2.0.0 • operations
Vendor and Third-Party Risk Management Policy
v1.6.0 • vendor
Acceptable Use Policy
v1.4.0 • hr
Human Resources Security Policy
v2.2.0 • hr
Asset Management Policy
v1.7.0 • operations
Cryptography and Encryption Policy
v1.9.0 • cryptography
Vulnerability Management Policy
v1.5.0 • operations
Secure Software Development Policy
v2.3.0 • development
Physical Security Policy
v1.2.0 • physical
Monitoring and Logging Policy
v1.6.0 • operations
Framework Details
- Framework ID: iso27001
- Status: in progress
- Total Requirements: 9
- Satisfied: 9
Coverage Progress
Overall Coverage: 100%