Run a living ISO 27001 management system, not a once-a-year audit scramble
ISO 27001 teams need a living ISMS, not a folder of policies that goes stale between audits. Rizzqo connects all 93 Annex A controls to the systems you actually run and keeps your program audit-ready every day — so each cycle starts from where you are, not a blank page.
THE MANAGEMENT SYSTEM
ISO 27001 is a loop, so Rizzqo runs it as one
ISO 27001 is built as the Plan-Do-Check-Act cycle of continual improvement, yet most teams treat it as a linear project that resets at every audit. Rizzqo keeps the loop turning, so each surveillance cycle starts from your live state instead of a blank page, and you never rebuild the program from scratch.
Plan
Set your scope and risk approach, then decide which controls apply and why.
Do
Put controls into practice against the systems you actually run, and capture the proof as the work happens.
Check
Track how controls are performing, run internal audits and review whether they are actually working.
Act
Address findings, drive corrective actions and feed improvements back into the next cycle.
ANNEX A · ISO 27002:2022
All 93 Annex A controls, organized the way the standard is
The 2022 revision groups Annex A into four control themes. All of them come built into Rizzqo and connected to the systems you run, so you always see who owns each control, what is done and where the proof lives.
Policies, roles, supplier and cloud security, incident management and the governance backbone of the ISMS.
Screening, terms of employment, awareness and training, and the responsibilities people carry for security.
Secure areas, equipment protection, clear-desk and clear-screen, and the physical perimeter of your assets.
Access control, cryptography, logging, secure development, configuration and network security across systems.
HOW RIZZQO RUNS ISO 27001
From first gap to audit-ready, in one connected system
Work your controls against the systems you actually run, and let Rizzqo produce the documentation your certification body expects.
Start ISO 27001 with the control set already in place
ISO 27001 and ISO 27002:2022 come ready on day one, so you start from a complete control set instead of building one. Set your scope and risk approach, and let Rizzqo keep the work you do here reusable across the other standards you carry.
- ISO 27001 and ISO 27002:2022 ready on day one
- A complete control set, not a blank template
- One program that spans your overlapping standards
Work every control against the systems you run
Every control is grounded in the systems you actually run, not a generic checklist that ignores how you operate. And every gap is captured and tracked, so nothing slips through before an audit.
- Controls grounded in the systems you run
- Ownership and proof clear on every control
- No gap left untracked
See control health across all four themes
See the health of all four control themes in one place. Internal auditors and management get the live picture instead of a snapshot exported the night before the audit.
- Live status across all 93 Annex A controls
- Where you stand at a glance
- Audit-ready exports for your certification body
THE CERTIFICATION JOURNEY
A clear path from gap to certified, and beyond
Certification is a sequence, not a sprint. Rizzqo carries you through each stage and keeps the system alive through every surveillance audit and recertification.
- 01
Gap assessment
Benchmark current state against ISO 27001 and see exactly which controls and clauses need work.
- 02
Statement of Applicability
Decide which controls apply, justify each choice, and lock your Statement of Applicability.
- 03
Implementation
Treat risks and roll out controls across the systems you run, collecting proof as the work is done.
- 04
Internal audit
Run the internal audit and management review the standard requires, then close findings before the certifier arrives.
- 05
Certification audit
Hand your auditor a complete, organized pack across Stage 1 and Stage 2, with nothing scrambled together at the last minute.
- 06
Surveillance & recertification
Keep the PDCA loop turning so each annual surveillance and three-year recertification starts from live state.
Make ISO 27001 a system you run, not a deadline you dread
See how Rizzqo connects every Annex A control to your real systems and keeps you audit-ready year-round.