By CAS

ISO/IEC 27001:2022 — Information Security

The global benchmark for information security management — updated with Amendment 1:2024. Protect your information assets and demonstrate robust cybersecurity governance to clients and regulators.

By CAS — Not Under EGAC Accreditation

This certificate is issued by CAS without third-party accreditation for this scheme. It is not within the scope of EGAC Schedule 012418B and is not recognised under the IAF MLA. Per IAF MD 23:2023, CAS clearly differentiates accredited and non-accredited services on every page.

By CAS ISO/IEC 27001:2022 + Amd.1:2024
Apply for Certification Talk to Our Team
ISO/IEC 27001:2022 + Amd.1:2024
ISMS
What is Information Security Management Systems?

ISO/IEC 27001:2022 specifies requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It provides a systematic approach to managing sensitive company information so that it remains secure, covering people, processes, and technology.

Who Is This For?

IT companies, financial institutions, healthcare organisations, government contractors, cloud service providers, and any organisation handling sensitive data — increasingly required by customers, regulators, and data protection frameworks.

Key Benefits
  • Internationally recognised information security certification
  • Demonstrates commitment to protecting customer and business data
  • Required or preferred by many enterprise and government clients
  • Supports GDPR, NIS2, and local data protection compliance
  • Reduces risk of data breaches, incidents, and regulatory fines
  • Competitive advantage in IT services, fintech, and B2B markets
Certification Process
1
Application & Review
Submit your application. CAS reviews your organisation's scope, personnel, sites, and activities to prepare a detailed audit time calculation and formal commercial proposal.
2
Stage 1 — Document Review
On-site or remote review of your management system documentation, readiness assessment, and confirmation of Stage 2 audit scope and plan.
3
Stage 2 — On-site Audit
Full on-site audit of the implemented management system against the standard's requirements. Findings are reported; nonconformities must be closed before certification.
4
Certification Decision
CAS's independent certification committee reviews the audit findings and issues the certificate. The certificate is valid for 3 years.
5
Surveillance & Recertification
Annual surveillance audits (~1/3 of initial audit time) maintain certification. Recertification audit (~2/3 of initial time) is conducted before certificate expiry to renew for a further 3 years.
Frequently Asked Questions
ISO/IEC 27001:2022 restructured the Annex A controls from 114 to 93, added 11 new controls (covering threat intelligence, cloud security, data masking, etc.) and reorganised into 4 themes.
ISO 27001 is not a legal requirement for GDPR, but many of its controls directly support GDPR compliance requirements. Certification demonstrates a structured approach to data protection.
Related Services
CAS, EGAC & IAF
Quality Management Systems
ISO 9001:2015 + Amd.1:2024
Learn more
 By CAS
IT Service Management
ISO/IEC 20000-1:2018 + Amd.1:2024
Learn more
 CAS & EGAC
Business Continuity Management Systems
ISO 22301:2019 + Amd.1:2024
Learn more