ISO 27001 requires an Information Security Management System (ISMS) — documented policies, procedures, and controls for managing information security risks. The architecture model provides the foundation: system boundaries define the ISMS scope, data classifications define what needs protection, and security elements define the controls in place.
ISO 27001:2022 Annex A has 93 controls across 4 categories: organizational (37), people (8), physical (14), and technological (34). Archiet maps your ArchiMate elements to the technological controls automatically: AuthenticationService → A.8.5 (secure authentication), EncryptionService → A.8.24 (use of cryptography), LoggingService → A.8.15 (logging), BackupService → A.8.13 (information backup).
The ISO 27001 assessment identifies controls that are NOT satisfied by your current architecture. Each gap includes: the specific Annex A control, what ArchiMate element type would satisfy it, and the code changes needed. This turns abstract compliance requirements into concrete engineering tasks.
The Statement of Applicability (SoA) is a mandatory ISO 27001 document listing all 93 controls with their applicability status (applicable/not applicable) and implementation status (implemented/planned/not implemented). Archiet generates the SoA from your architecture model — no spreadsheet maintenance required.
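As an added example (not Archiet's own code), the element-to-control mapping, gap check and SoA rows the three paragraphs above describe, run over a constructed ArchiMate exchange-format model; it uses only the four element-to-control pairs the page lists, and assumes an ApplicationService is the element type that would close each gap and that the model is a minimal subset of the Open Exchange Format.

```python
import xml.etree.ElementTree as ET

# ArchiMate element name -> ISO 27001:2022 Annex A control it evidences.
# Only the four pairs the page lists; extend the table for your own model.
ELEMENT_TO_CONTROL = {
    "AuthenticationService": ("A.8.5", "Secure authentication"),
    "EncryptionService": ("A.8.24", "Use of cryptography"),
    "LoggingService": ("A.8.15", "Logging"),
    "BackupService": ("A.8.13", "Information backup"),
}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def model_elements(xml_text):
    """Return {element name: xsi:type} for each <element> in an exchange-format model."""
    found = {}
    for node in ET.fromstring(xml_text).iter():
        if node.tag.endswith("}element"):  # tolerate any exchange-format namespace version
            name = next((c.text for c in node if c.tag.endswith("}name")), None)
            if name:
                found[name.strip()] = node.get(XSI_TYPE, "")
    return found

def assess(xml_text):
    """Statement-of-Applicability rows: control, status, evidence element, remediation."""
    names = model_elements(xml_text)
    rows = []
    for element, (control, title) in ELEMENT_TO_CONTROL.items():
        done = element in names
        rows.append({"control": control, "title": title, "applicable": True,
                     "status": "implemented" if done else "not implemented",
                     "evidence": element if done else None,
                     # assumption: an ApplicationService of this name would satisfy the control
                     "remediation": None if done else f"add an ApplicationService named {element}"})
    return rows

def gaps(rows):
    """Controls the model does not evidence: the engineering backlog."""
    return [r["control"] for r in rows if r["status"] != "implemented"]

# Constructed sample model: authentication and encryption present, no logging or backup.
SAMPLE_MODEL = """<model xmlns="http://www.opengroup.org/xsd/archimate/3.0/"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" identifier="id-m1">
  <name xml:lang="en">Payments platform</name>
  <elements>
    <element identifier="id-1" xsi:type="ApplicationService"><name xml:lang="en">AuthenticationService</name></element>
    <element identifier="id-2" xsi:type="ApplicationService"><name xml:lang="en">EncryptionService</name></element>
    <element identifier="id-3" xsi:type="ApplicationComponent"><name xml:lang="en">PaymentAPI</name></element>
  </elements>
</model>"""

if __name__ == "__main__":
    print(gaps(assess(SAMPLE_MODEL)))  # controls with no evidencing element
```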
Financial technology companies need SOC 2 Type II before their first enterprise deal. Archiet maps your architecture to all 10 Trust Services Criteria automatically — evidence narratives included.
B2B SaaS buyers expect SOC 2 Type II. Archiet generates compliant architecture with multi-tenant isolation, audit logging, and encryption — mapped to Trust Services Criteria automatically.
Microservices make GDPR harder — personal data flows across service boundaries. Archiet maps data classifications to each service and generates GDPR controls: consent tracking, data export, right to erasure, and breach notification.