Identity and Access Management
Book
MidPoint
- Quick Start Guide
- Compliance
  - ENISA baseline security requirements
  - ISO 27001
    - 5.1
    - SOA
    - 5.2
    - 5.3
    - 5.4
    - 5.5
    - 5.6
    - 5.7
    - 5.8
    - 5.9
    - 5.10
    - 5.11
    - 5.12
    - 5.13
    - 5.14
    - 5.15
    - 5.16
    - 5.17
    - 5.18
    - 5.19
    - 5.20
    - 5.21
    - 5.22
    - 5.23
    - 5.24
    - 5.25
    - 5.26
    - 5.27
    - 5.28
    - 5.29
    - 5.30
    - 5.31
    - 5.32
    - 5.33
    - 5.34
    - 5.35
    - 5.36
    - 5.37
    - 6.1
    - 6.2
    - 6.3
    - 6.4
    - 6.5
    - 6.6
    - 6.7
    - 6.8
    - 7.1
    - 7.2
    - 7.3
    - 7.4
    - 7.5
    - 7.6
    - 7.7
    - 7.8
    - 7.9
    - 7.10
    - 7.11
    - 7.12
    - 7.13
    - 7.14
    - 8.1
    - 8.2
    - 8.3
    - 8.4
    - 8.5
    - 8.6
    - 8.7
    - 8.8
    - 8.9
    - 8.10
    - 8.11
    - 8.12
    - 8.13
    - 8.14
    - 8.15
    - 8.16
    - 8.17
    - 8.18
    - 8.19
    - 8.20
    - 8.21
    - 8.22
    - 8.23
    - 8.24
    - 8.25
    - 8.26
    - 8.27
    - 8.28
    - 8.29
    - 8.30
    - 8.31
    - 8.32
    - 8.33
    - 8.34
  - NIS 2
- Installation
- Releases
- Roadmap
- Features
- Architecture
- Security
- Guides
- Developer Zone
- Exercises
- Live Demo
- Operations Manual
- Configuration reference
- MidPrivacy
- MidScale
- MidPoint Studio
- Methodology
- Projects
- Tools
- Versioning
- History
Identity Connectors
Support
Trainings
Why Evolveum?
Community
Library
Case Studies
Talks
Glossary
Frequently Asked Questions
About

ISO/IEC 27001 Statement of Applicability

Last modified 16 Jun 2025 14:20 +02:00

This is a Statement of Applicability (SOA) of midPoint to ISO/IEC 27001:2022 standard.

Applicability (SoA) explains how midPoint can assist a company in aligning with ISO/IEC 27001:2022. While midPoint is a software tool and cannot provide compliance on its own, proper configuration can significantly aid in achieving ISO/IEC 27001:2022 compliance. This document, along with the accompanying Excel file, maps midPoint features to each ISO/IEC 27001:2022 control and evaluates the potential assistance midPoint offers for each control.

How to Interpret the Necessity of a Tool like midPoint:

Necessary: Achieving compliance for these controls would be very difficult without a tool like midPoint, often requiring extensive manual work, especially for companies with complex internal structures or a large number of employees.
Optional: midPoint can partially assist with these controls by providing necessary information, monitoring control implementation, and partially implementing control measures.
Marginal: midPoint can typically provide data to support decision-making for these controls.
Not Applicable: midPoint offers no assistance for these controls (primarily physical controls).

How to Read the Attached XLSX File:

ISO270012022: Columns A-I contain information about the controls (including hashtags). This is followed by information on the necessity of a tool like midPoint for implementing each control (Column J) and a list of midPoint features that can be helpful for implementing each control (Column K).
midPoint: This sheet lists midPoint features (Column A), the controls where they appear (Column E), and the number of occurrences (Column F). You can choose an implementation strategy that prioritizes features frequently used across controls.
Statistics: This sheet provides a summary of all controls, categorized by domain (Organizational, People, Physical, and Technological controls).
Tags: This sheet contains tags for the spreadsheets and from ISO/IEC 27001:2022.

ISO 27001 Controls Supported by MidPoint

Download

Statement of Applicability can be downloaded using following links:

XLSX

Was this page helpful?

YES NO

Thanks for your feedback