Access

Access controls are a core part of ISO 27001 alignment: who can access what, how access is approved, how it’s reviewed, and how it’s revoked.

Key documents

Access control policy

Principles and procedures for granting, reviewing, and revoking access.

Infrastructure access

SSO/MFA, VPN access, and how traffic flows.