Compliance evidence
ISO 27001 — domain & certificate controls
Globally — any company selling internationally or serving regulated industries. The non-US equivalent of SOC 2.
Authority: International Organization for Standardization (ISO)
What ISO 27001 actually requires
ISO 27001 certifies an organization's Information Security Management System (ISMS). Annex A lists 93 controls grouped into 4 themes: Organizational, People, Physical, and Technological. Certificate health maps directly to the Technological theme — specifically cryptography and secure communications controls.
Full name: ISO/IEC 27001:2022 Information Security Management.
Controls that touch certificates and domains
These are the 4 controls most directly affected by TLS certificate and domain lifecycle. CertRadar produces evidence bundles mapped to each.
| Control | Title | How CertRadar helps |
|---|---|---|
A.8.24 | Use of cryptography | Inventory of cryptographic material in use — TLS certificates qualify — with key lengths and signature algorithms documented. |
A.8.20 | Networks security | Evidence that network boundaries enforce encryption via current certificates. |
A.8.21 | Security of network services | Ongoing monitoring of service-level cryptographic health. |
A.5.9 | Inventory of information and other associated assets | Direct fit: certificates are cryptographic assets; ISO requires an inventory. |
What the evidence pack contains
CertRadar’s one-click export for ISO 27001 includes:
- Signed inventory of all cryptographic assets (certificates) with lifecycle metadata
- Exception register with dates and resolutions
- Evidence of continuous monitoring (daily TLS probes)
- Risk assessment input — expiring / weak-crypto / orphaned certificates flagged
Example domains in ISO 27001 scope
Representative domains often monitored for ISO 27001 evidence. Check any of them live:
Ship the ISO 27001 evidence your auditor asks for.
CertRadar gives security, IT, and compliance teams a complete inventory of every domain and cert your company owns — plus a one-click evidence pack mapped to ISO 27001 controls. Beta in weeks. Early members get a lifetime Pro discount.
Join the waitlist