ISO · Continuous · ISO/IEC 27001:2022

ISO 27001

ISO/IEC 27001 is the international standard for information security management systems (ISMS) and the standard organisations are certified against. It requires risk assessment and treatment, a Statement of Applicability (SoA), documented controls, internal audit, and continual improvement.

Who may be in scope

Indicative practical impact for EU SMBs.

  • SaaS and technology companies selling to enterprise customers.
  • Suppliers that need to prove information security maturity in tenders.
  • Teams preparing for ISO 27001 certification with an accredited certification body.
  • Companies standardising security processes across IT, HR, legal, and operations.
Key obligations

What often needs evidence or review.

Clauses 6.1.2 and 6.1.3

Risk assessment and treatment

Identify, analyse, and evaluate information security risks (6.1.2), then choose treatment options and the controls needed to implement them (6.1.3).

Due: before certification

Clause 6.1.3

Statement of Applicability

Select relevant Annex A controls and justify inclusions or exclusions.

Due: before audit

Annex A 5.15 (with 5.18, 8.2 and 8.5)

Access control

Define access control rules (5.15), provision and periodically review access rights (5.18), restrict privileged access (8.2), and enforce secure authentication such as MFA (8.5).

Due: continuous

Clause 9.2

Internal audit evidence

Keep audit plans, findings, corrective actions, and the inputs to management review (Clause 9.3).

Due: at planned intervals
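The Annex A access-control obligation above asks for periodic reviews of access rights, MFA, and privileged accounts, and the internal-audit obligation asks for evidence that the review happened. The script below is an added example, not Splnit.eu code: it runs one review over a constructed account export (field names, the privileged-role set, and the 90-day thresholds are all assumptions for the example) and returns an evidence record listing each gap found, with findings on privileged accounts rated high.

```python
import json
from datetime import date

# Constructed sample export (not real data). The field names mirror what an
# IdP or cloud IAM user export typically carries, but they are assumptions.
SAMPLE_EXPORT = """[
 {"user": "alice", "roles": ["admin"],     "mfa": true,  "last_login": "2026-03-01", "last_reviewed": "2026-01-15", "status": "active"},
 {"user": "bob",   "roles": ["developer"], "mfa": false, "last_login": "2026-02-20", "last_reviewed": "2025-11-01", "status": "active"},
 {"user": "carol", "roles": ["admin"],     "mfa": false, "last_login": "2025-10-05", "last_reviewed": "2026-02-01", "status": "active"},
 {"user": "dave",  "roles": ["developer"], "mfa": true,  "last_login": "2025-09-01", "last_reviewed": "2026-02-01", "status": "active"},
 {"user": "erin",  "roles": ["developer"], "mfa": true,  "last_login": "2026-03-02", "last_reviewed": "2026-02-01", "status": "disabled"}
]"""

PRIVILEGED_ROLES = {"admin", "owner"}  # assumption: roles that count as privileged (A.8.2)
REVIEW_INTERVAL_DAYS = 90              # assumption: quarterly review cadence (A.5.18)
DORMANT_DAYS = 90                      # assumption: no sign-in this long means dormant


def _days_since(iso_day: str, today: date) -> int:
    return (today - date.fromisoformat(iso_day)).days


def review_access(export_json: str, today_iso: str) -> dict:
    """Run one periodic access review over an account export.

    Returns an evidence record: review date, number of accounts checked, and
    one finding per control gap (missing MFA, dormant account, review interval
    exceeded). Disabled accounts carry no access and are only counted.
    """
    today = date.fromisoformat(today_iso)
    accounts = json.loads(export_json)
    findings = []
    reviewed = 0
    for acct in accounts:
        if acct["status"] != "active":
            continue
        reviewed += 1
        user = acct["user"]
        privileged = bool(PRIVILEGED_ROLES & set(acct["roles"]))
        severity = "high" if privileged else "medium"

        if not acct["mfa"]:
            findings.append({"user": user, "type": "mfa_missing", "severity": severity,
                             "detail": "active account without MFA"})
        if _days_since(acct["last_login"], today) > DORMANT_DAYS:
            findings.append({"user": user, "type": "dormant", "severity": severity,
                             "detail": f"no sign-in for more than {DORMANT_DAYS} days"})
        if _days_since(acct["last_reviewed"], today) > REVIEW_INTERVAL_DAYS:
            findings.append({"user": user, "type": "review_overdue", "severity": severity,
                             "detail": f"last review older than {REVIEW_INTERVAL_DAYS} days"})

    return {
        "review_date": today.isoformat(),
        "accounts_reviewed": reviewed,
        "accounts_skipped_disabled": len(accounts) - reviewed,
        "findings": findings,
        "open_high": sum(1 for f in findings if f["severity"] == "high"),
    }


if __name__ == "__main__":
    # Store the printed record with the export it was produced from; together
    # they are the evidence an auditor asks for under Clause 9.2.
    print(json.dumps(review_access(SAMPLE_EXPORT, "2026-03-10"), indent=2))
```

The review date is passed in rather than taken from the clock so that a record can be reproduced from the same export later. Each finding names the account and the control gap, which is what the corrective action and the next review need to reference.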

Fines and sanctions

ISO 27001 is a voluntary certification standard, so it carries no statutory fines of its own; the exposure is commercial, measured in money, contracts, and lost trust.

Violation type                         | Maximum sanction                    | Enforcement
Failed certification audit             | Certificate not issued or suspended | Certification body
Customer security requirement not met  | Contract risk                       | Customer
Insufficient audit evidence            | Repeat audit or remediation         | Auditor
How Splnit.eu helps

Turn obligations into controls, evidence, and deadlines.

SoA and policies

Generate working documents for Annex A controls and risk treatment.

Evidence vault

Collect audit evidence from Microsoft 365, GitHub, and AWS.

Access reviews

Track account reviews, role changes, and exceptions.

Templates

Templates and downloadable documents

Ready-made templates for your implementation. Download them, adapt them, and use them in your company.

DOCX

Risk management policy

Methodology for assessing and treating cyber risks under the nZKB (the new Czech Cybersecurity Act) and ISO 27001.

DOCX

Supplier management policy

Template for assessing security-significant suppliers under the nZKB.

DOCX

Business continuity plan (BCP)

Template for keeping operations running during an outage or incident.

XLSX

Statement of Applicability (SoA)

Overview of the 93 ISO 27001:2022 Annex A controls with an applicability assessment for each.

The templates are generic samples. Adapt them to the specifics of your organisation. Splnit.eu accepts no liability for their legal accuracy.

Splnit.eu

Early access platform for EU compliance automation.

Contact

Splnit.eu — Czech sole-trader operator, Olomouc

Olomouc, Czech Republic

hello@splnit.eu
Topics we cover: GDPR, NIS2, ISO 27001, Vyhl. č. 410/2025 Sb. (Decree No. 410/2025 Coll.)

© 2026 Splnit.eu · All rights reserved
