ISO/IEC 27001:2022

International standard for information security management systems. Globally recognized certification. 2022 revision reorganized Annex A controls around four themes.

Global enterprises, EU market, APAC, financial services

14

control domains mapped

32

products applicable

6

other frameworks cross-mapped

Official doc

ISO/IEC 27001:2022

A.8.22 Segregation of networks

Stateful firewall with IPS at the network perimeter. All inbound/outbound traffic inspected with Suricata rule sets. VPN gateway replaces consumer VPN dependency.

Products that satisfy this control:

A.8.9 Configuration management

Intel Management Engine disabled at the firmware level across every open-firmware machine we carry (NitroPad, NitroPC, PrivacyGuard, SecurityTitan); SecurityTitan models go further — camera and microphone physically removed, anti-tamper seals verified by Heads + Nitrokey attestation. Least functionality, enforced in hardware.

A.7.1 Physical security perimeters

Rated safes and vaults protect physical assets, documents, and hardware backups with UL-certified burglary ratings — from UL 1037 RSC (residential) up to UL 687 TL-15/TL-30 vault-grade for insurance-mandated or enterprise specialty storage (the tier insurers and auditors recognize; see the ratings ladder on /safe). SecurityTitan laptops extend physical protection to devices in transit: glitter-sealed tamper-evident screws with photographic verification make case intrusion detectable.

A.7.5 Protecting against physical and environmental threats

UL 72 fire-rated safes keep interiors under 350°F through 30-minute to 4-hour furnace exposure — plus explosion and 30-foot drop tests — so original records, storage media, seed-phrase plates, and offline backups survive a facility fire. Distinct from burglary protection: enterprises with records-retention or continuity obligations typically need BOTH ratings on one unit (dual-rated Gardall UL line or TL-rated composite safes — see /safe).

Products that satisfy this control:

A.5.30 ICT readiness for business continuity

Encrypted LoRa mesh radios (Meshtastic / MeshCore / Reticulum) move text and GPS with no cellular, WiFi, internet, or subscription — every node relays for every other, on FCC Part 15 unlicensed 915 MHz spectrum. The out-of-band channel for disaster response, incident communications when primary networks are down or untrusted, remote sites, and executive contingency plans.

Products that satisfy this control:

A.8.12 Data leakage prevention

MIL-STD 188-125 / IEEE 299-tested Faraday shielding (80+ dB) physically severs every radio — cellular/5G, WiFi, Bluetooth, GPS, RFID, NFC — so devices cannot be tracked, remotely wiped, or exfiltrated over RF. Covers executive travel through hostile networks, forensic chain-of-custody transport (a seized phone that must not phone home), and anti-relay protection for keyless-entry fobs.

Products that satisfy this control: