Enabling ISO/IEC 27001:2022 Compliance with Okta
ISO/IEC 27001 continues to be a globally recognized security standard and a consistently popular choice for today’s organizations seeking to demonstrate robust security controls and the effectiveness of their Information Security Management Systems (ISMS). This blog introduces a new Factsheet that provides guidance on how Okta can support organizations of any size in achieving or maintaining compliance with the ISO/IEC 27001:2022 standard.
What is ISO/IEC 27001:2022?
ISO/IEC 27001 is an international standard for information security management. It provides a framework for organizations to follow to establish, implement, monitor, and maintain an effective Information Security Management System (ISMS). The standard consists of security controls, which are divided into groups of:
Organizational,
People,
Physical, and
Technological controls.
The 2022 iteration of the standard introduced “Operational Capabilities” such as Identity and Access Management (IAM). By implementing applicable IAM controls in its environment, an organization can demonstrate that it follows best practices for securing information, data, and assets.
How Okta supports compliance with ISO/IEC 27001:2022
Okta and Auth0 are ISO/IEC 27001:2022-compliant. Our platforms can also support organizations in achieving or maintaining their compliance with the ISO/IEC 27001:2022 standard.
To guide our customers on how Okta can support them, we’ve recently released a helpful new resource: The ISO/IEC 27001:2022 Compliance with Okta Platform Factsheet. This Factsheet provides an overview of ISO/IEC 27001’s benefits and a detailed summary of how Okta’s products provide a unified approach to adhering to IAM-specific and other controls. Keeping our customers in mind, we’ve methodically documented our guidance in three key sections:
How Okta Supports IAM Controls
How Okta Supports Non-IAM Specific Controls
ISO/IEC 27001:2022 Reporting Requirements
Each section is strategically mapped to the Okta products that support adherence to the controls presented. Leveraging the control guidance of the Factsheet can benefit all Okta customers, even organizations not currently targeting adherence to these controls.
More on Compliance
Okta upholds a strong compliance framework to demonstrate our commitment to maintaining highly available, secure, and resilient products and services. Many of these controls are embedded in Okta’s business-as-usual activities. We invite you to visit our new Factsheet, as well as our latest independent audit reports and other security compliance-related documents on our Security Trust Center.
The Security Trust Center and all available documentation are accessible to customers and prospects of Okta. Site visitors can view Okta’s certifications and access industry-standard questionnaires. To learn more about our efforts, read our blog article, Empowering Security with Customer Trust Solutions. Keep watching as we publish additional helpful resources; more to come.
Disclaimer: While this article discusses certain legal concepts, it does not constitute legal advice. It is provided for informational purposes only. For legal advice regarding your organization's compliance needs, please consult your organization's legal department. Okta makes no representations, warranties, or other assurances regarding the content of this article. Information regarding Okta's contractual assurances to its customers can be found at okta.com/agreements.