Run a living ISO 27001 management system, not a once-a-year audit scramble

ISO 27001 teams need a living ISMS, not a folder of policies that goes stale between audits. Rizzqo connects all 93 Annex A controls to the systems you actually run and keeps your program audit-ready every day — so each cycle starts from where you are, not a blank page.

93Annex A controls built in
4control themes mapped
PDCAcontinual improvement loop

THE MANAGEMENT SYSTEM

ISO 27001 is a loop, so Rizzqo runs it as one

ISO 27001 is built as the Plan-Do-Check-Act cycle of continual improvement, yet most teams treat it as a linear project that resets at every audit. Rizzqo keeps the loop turning, so each surveillance cycle starts from your live state instead of a blank page, and you never rebuild the program from scratch.

Plan

Plan

Set your scope and risk approach, then decide which controls apply and why.

Do

Do

Put controls into practice against the systems you actually run, and capture the proof as the work happens.

Check

Check

Track how controls are performing, run internal audits and review whether they are actually working.

Act

Act

Address findings, drive corrective actions and feed improvements back into the next cycle.

ANNEX A · ISO 27002:2022

All 93 Annex A controls, organized the way the standard is

The 2022 revision groups Annex A into four control themes. All of them come built into Rizzqo and connected to the systems you run, so you always see who owns each control, what is done and where the proof lives.

A.5
37Organizational

Policies, roles, supplier and cloud security, incident management and the governance backbone of the ISMS.

A.6
8People

Screening, terms of employment, awareness and training, and the responsibilities people carry for security.

A.7
14Physical

Secure areas, equipment protection, clear-desk and clear-screen, and the physical perimeter of your assets.

A.8
34Technological

Access control, cryptography, logging, secure development, configuration and network security across systems.

93controls across four themes

HOW RIZZQO RUNS ISO 27001

From first gap to audit-ready, in one connected system

Work your controls against the systems you actually run, and let Rizzqo produce the documentation your certification body expects.

PLAN

Start ISO 27001 with the control set already in place

ISO 27001 and ISO 27002:2022 come ready on day one, so you start from a complete control set instead of building one. Set your scope and risk approach, and let Rizzqo keep the work you do here reusable across the other standards you carry.

  • ISO 27001 and ISO 27002:2022 ready on day one
  • A complete control set, not a blank template
  • One program that spans your overlapping standards
DO

Work every control against the systems you run

Every control is grounded in the systems you actually run, not a generic checklist that ignores how you operate. And every gap is captured and tracked, so nothing slips through before an audit.

  • Controls grounded in the systems you run
  • Ownership and proof clear on every control
  • No gap left untracked
CHECK

See control health across all four themes

See the health of all four control themes in one place. Internal auditors and management get the live picture instead of a snapshot exported the night before the audit.

  • Live status across all 93 Annex A controls
  • Where you stand at a glance
  • Audit-ready exports for your certification body

THE CERTIFICATION JOURNEY

A clear path from gap to certified, and beyond

Certification is a sequence, not a sprint. Rizzqo carries you through each stage and keeps the system alive through every surveillance audit and recertification.

  1. 01

    Gap assessment

    Benchmark current state against ISO 27001 and see exactly which controls and clauses need work.

  2. 02

    Statement of Applicability

    Decide which controls apply, justify each choice, and lock your Statement of Applicability.

  3. 03

    Implementation

    Treat risks and roll out controls across the systems you run, collecting proof as the work is done.

  4. 04

    Internal audit

    Run the internal audit and management review the standard requires, then close findings before the certifier arrives.

  5. 05

    Certification audit

    Hand your auditor a complete, organized pack across Stage 1 and Stage 2, with nothing scrambled together at the last minute.

  6. 06

    Surveillance & recertification

    Keep the PDCA loop turning so each annual surveillance and three-year recertification starts from live state.

Make ISO 27001 a system you run, not a deadline you dread

See how Rizzqo connects every Annex A control to your real systems and keeps you audit-ready year-round.

All 93 Annex A controls built inStatement of Applicability automatedAlways audit-ready