OPS ONLINETHREAT LEVEL: ELEVATEDSECTOR 04 · ACTIVE WATCHUPLINK NOMINAL · 99.997%MISSION CLOCKT+ 00:00:00DOCTRINE FM-26.A
Passed ISO 27001 Audits

ISO/IEC 27001 Technical Controls

Infrastructure-level implementation of Annex A technical controls — access management, cryptography, logging, and network security — from a team with a track record of taking that work through to a passed certification audit.

What auditors actually check

ISO 27001 certification audits test whether Annex A controls are actually implemented and operating — not just documented in policy. This is the same infrastructure-level implementation work behind engagements ACS has taken through to a passed certification: access management, cryptography, logging, and network security.

Scope, not blanket implementation

Work is scoped against your Statement of Applicability — the specific controls relevant to your environment and risk assessment — rather than a one-size-fits-all Annex A checklist.

The certification itself

ISMS policy documentation, risk assessment methodology, and the formal certification audit sit with your compliance consultant and certification body — we coordinate directly with them on the technical side rather than duplicating that relationship.

ISO 27001 TECHNICAL CONTROLS — FAQ

Does ACS issue ISO 27001 certification?

No — certification is issued by an accredited certification body following formal audit. ACS implements the technical controls that audit will test, with a track record of taking that work through to a passed certification.

Has ACS actually passed an ISO 27001 certification audit?

Yes — ACS has implemented Annex A technical controls and taken infrastructure through to a passed ISO 27001 audit as part of prior engagement work.

What Annex A controls does this typically cover?

Access control (A.9), cryptography (A.10), operations security and logging (A.12), and network security (A.13) are the most common infrastructure-heavy areas — scoped to your specific Statement of Applicability.

Do you help with the ISMS documentation itself?

Our focus is technical control implementation. ISMS policy, risk assessment methodology, and management-system documentation are typically handled by your compliance consultant — we coordinate with them on the technical side.

Can you work with our certification body or existing consultant?

Yes — the formal certification relationship remains between you and your certification body; we coordinate on technical scope with your consultant where one is engaged.

How is this scoped?

Against your Statement of Applicability — which controls apply to your environment — rather than implementing the full Annex A regardless of relevance.

Discuss ISO 27001 Technical Controls

Tell us your Statement of Applicability and current infrastructure state. We'll scope the implementation work.