Skip to content
Cyber Compliance

ISO 27001SOC 2 crosswalk

A control-by-control mapping between ISO/IEC 27001:2022 and SOC 2 (AICPA Trust Services Criteria). 7 mappings.

ISO 27001SOC 2RelationshipNotes
A.5.1
Policies for information security
CC1.1
Integrity and ethical values
RelatedCurated
Governance & security policy
A.5.15
Access control
CC6.1
Logical access security controls
EquivalentCurated
Access control & identity
A.5.16
Identity management
CC6.1
Logical access security controls
EquivalentCurated
Access control & identity
A.8.15
Logging
CC7.2
Security event monitoring
EquivalentCurated
Logging, monitoring & detection
A.8.16
Monitoring activities
CC7.2
Security event monitoring
EquivalentCurated
Logging, monitoring & detection
A.8.24
Use of cryptography
CC6.7
Restricting data transmission
PartialCurated
Cryptography & data protection
A.8.8
Management of technical vulnerabilities
CC7.1
Vulnerability detection and monitoring
EquivalentCurated
Vulnerability management

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.