
ISO 27001

What Escape tests against ISO/IEC 27001, using the Annex A control numbering from the 2022 revision, and how to use the ISO 27001 block in reporting.

What We Cover

Escape maps findings to the Annex A controls that touch application security:

  • A.5.23 (Information security for use of cloud services): discovery of cloud-exposed assets via attack surface management (ASM).
  • A.8.8 (Management of technical vulnerabilities): the core vulnerability-management loop, tracked through scan history.
  • A.8.24 (Use of cryptography): TLS posture, cipher-suite checks, certificate validation.
  • A.8.25 (Secure development life cycle): CI/CD scan coverage as evidence.
  • A.8.28 (Secure coding): every DAST finding maps here, carrying its CWE identifier.
  • A.8.29 (Security testing in development and acceptance): the scan itself is the evidence.

The full control-to-test mapping is rendered inside the app under Frameworks -> ISO 27001.

How to Enable

  1. Turn on the ISO 27001 framework under Organization Settings -> Compliance.
  2. Add the ISO 27001 block to the reports you hand to your internal audit team.
  3. Tag in-scope assets so the Compliance Matrix tracks them.

What the Report Contains

Per tagged in-scope asset: each relevant Annex A control, the security tests mapped to it, the findings in scope, and the resulting pass/fail posture. Auditors get the PDF; internal ISMS teams get the CSV export. Treat the block as evidence for the mapped controls, not as a statement of conformity with the standard; the conformity judgement is the auditor's, and it covers the ISMS as a whole, not only what a scanner can observe.