ISO 27001: Pillar v Traditional

If you’ve done an audit with AssuranceLab before, you’ll already be aware of our audit platform, Pillar. Pillar lets you complete a readiness assessment whose results produce a custom, tailored control framework mapped to dozens of global standards (e.g., SOC 2, SOC 1, ISO 27001, GDPR). The outcome is a clear picture of the controls your organisation already has in place and the gaps that remain.


In the compliance and auditing world, the implementation of ISO 27001 is often handled quite differently from the implementation of a standard like SOC 2. If you ask six different companies to help you implement controls in preparation for SOC 2, you may find similarities, but the wording, guidance, implementation and interpretation of the standard will more than likely differ between them. While the Trust Services Criteria do provide points of focus as a guideline for implementing controls in line with SOC 2, very few audit firms implement them verbatim, instead opting for their own repeatable list of typical controls.


We have designed Pillar’s control set so that a single control is worded and mapped adequately to cover multiple standards at once. For example, you implement one Pillar control, and that one control can sit within your ISMS, your SOC 2 report, your SOC 1 report and so forth. Mapping can also be done from the standard ISO 27001 Annex A controls across to other standards, but that direction may require some tweaking and wording changes to ensure the controls are adequate across the board.


How will I know which Pillar control maps to which part of ISO 27001?

In the picture below, you’ll see that the control is mapped to ISO 27001:ISMS (these are your clauses) and ISO 27001:2022 (these are your Annex A controls). In this specific example, HNB05 (background checks) is mapped to Annex A (ISO 27001:2022) control 6.1 (Screening).

[Screenshots: the Pillar control HNB05 (background checks) showing its mappings to the ISO 27001:ISMS clauses and to ISO 27001:2022 Annex A control 6.1 (Screening)]

What if I don’t want the wording to be different?

That’s fine. We are flexible and are happy to assist with either a traditional ISO 27001 audit or the Pillar approach. Please feel free to chat with the Sales team, your Audit Manager or your Senior Consultant at AssuranceLab about the two approaches and how to navigate ISO 27001 in Pillar.