OBP Platform - Demo UI

ISO/IEC 27001:2022 Certified

Certificate #: ISO27001-2025-12345 | Certification Body: BSI Group | Valid Until: October 14, 2028

Active Certification

Control Implementation

98.2%

112/114 controls implemented

Open Findings

minor non-conformities

Security Incidents

in the last 12 months

Risk Assessments

completed this year

Annex A Control Domains

Domain	Description	Controls	Implemented	Status
A.5 Information Security Policies	Management direction for information security	2	2	Compliant
A.6 Organization of Information Security	Internal organization and mobile devices/teleworking	7	7	Compliant
A.7 Human Resource Security	Prior to, during, and termination of employment	6	6	Compliant
A.8 Asset Management	Responsibility, classification, and media handling	10	10	Compliant
A.9 Access Control	Business requirements, user access, system/application access	14	13	Partial
A.10 Cryptography	Cryptographic controls and key management	2	2	Compliant
A.11 Physical and Environmental Security	Secure areas and equipment protection	15	15	Compliant
A.12 Operations Security	Operational procedures, malware, backup, logging	14	14	Compliant
A.13 Communications Security	Network security and information transfer	7	7	Compliant
A.14 System Acquisition, Development and Maintenance	Security requirements and development processes	13	12	Partial
A.15 Supplier Relationships	Information security in supplier relationships	5	5	Compliant
A.16 Information Security Incident Management	Management of incidents and improvements	7	7	Compliant
A.17 Business Continuity Management	Information security continuity and redundancies	4	4	Compliant
A.18 Compliance	Legal, contractual, and review requirements	8	8	Compliant
Total		114	112	98.2%

Access Control

Multi-Factor Authentication

Enabled

Role-Based Access

Active

Privileged Access Management

Implemented

Access ReviewsQuarterly

Cryptography

Data at Rest Encryption

AES-256

Data in Transit Encryption

TLS 1.3

Key Management

HSM

Certificate ManagementAutomated

Business Continuity

Recovery Time Objective

4 hours

Recovery Point Objective

1 hour

Backup FrequencyContinuous

DR Test FrequencyQuarterly

Risk Assessment Summary

Risk Category	Inherent Risk	Residual Risk	Controls	Last Review
Data Breach	High	Low	8	November 2025
Ransomware Attack	High	Medium	12	November 2025
Insider Threat	Medium	Low	6	October 2025
Third-Party Compromise	Medium	Low	5	November 2025
Business Disruption	Medium	Low	7	October 2025

Audit History

Stage 2 Certification Audit

BSI Group | October 15, 2025

2 findings | 5 observations

Passed

Stage 1 Documentation Review

BSI Group | June 20, 2025

0 findings | 3 observations

Passed

Internal Audit

Internal Audit Team | March 10, 2025

4 findings | 8 observations

Completed

Gap Assessment

Security Consultants LLC | December 5, 2024

12 findings | 15 observations

Completed

Upcoming ISMS Activities

Quarterly Access Review

December 15, 2025

Review

Annual Risk Assessment Update

January 10, 2026

Assessment

Security Awareness Training

February 1, 2026

Training

Business Continuity Test

March 15, 2026

Test

Surveillance Audit (Year 1)

April 20, 2026

Audit

ISO 27001 Compliance