ISO 27001:2022

Native mapping to Annex A.6.3 (information security awareness, education and training) and A.6.5 (responsibilities after termination or change of employment).

ISO 27001:2022 reorganised the Annex A control set; the awareness-related controls now sit in A.6.3 (information security awareness, education and training) and A.6.5 (responsibilities after termination or change of employment).

GetCheckmark's ISO 27001 reporting maps natively to these controls and to the supporting clauses 7.2 (competence) and 7.3 (awareness) in the main body of the standard. The reporting is structured for use as evidence in both certification audits and internal audits run against ISO 19011 guidance.

Our customer-base includes many organisations who maintain ISO 27001 certification themselves and who use GetCheckmark as the awareness-training component of their ISMS. The platform supports the certification audit cadence without producing artefacts unique to the audit event — the standard reporting is sufficient for audit purposes.

How we help

• Native mapping to A.6.3, A.6.5, and clauses 7.2 and 7.3
• Audit-defensible evidence pack aligned to ISO 19011
• Surveillance-audit support across the three-year certification cycle

Talk to us

To discuss your iso 27001:2022 security programme, contact team@getcheckmark.com.