Skip to main content

ISO/IEC 27001:2022 ISMS readiness

Compliance evidence, automated through Microsoft Graph.

Security Flare pulls Conditional Access policies, Intune device inventory, audit logs, and security events directly from your customers' tenants — and lines them up against ISO 27001:2022 Annex A controls. MSP-native multi-tenancy, Australian data residency.

Annex A controls
93
Automated via Graph
36
  • ISO 27001:2022 · Essential 8 crosswalk
  • Sydney (ap-southeast-2) data residency

From Entra consent to evidence in three steps.

Built for MSPs that already run their customers on Microsoft 365 and Entra ID. Connect a customer once; evidence flows in nightly, hashed and retained for seven years to match the audit window.

Step 1 of 3

Customer admin consents

Send your customer a single Microsoft consent link. They click once; Security Flare gets application-permission tokens scoped to read-only Graph endpoints.

Step 2 of 3

Evidence flows in nightly

Conditional Access policies, Intune device posture, sign-in audit logs, identity-risk events, and role assignments are collected every night, hashed for tamper detection, and stored in tamper-evident object storage.

Step 3 of 3

Evidence maps to Annex A

Each evidence run lands on the control it satisfies. Track status, attach the run, and export the Statement of Applicability when the auditor asks.

Built the way MSPs actually work.

Customer data stays fenced off

Each customer's data is isolated at the database level — not at the application layer where mistakes happen. One MSP organisation parents many client organisations, and they can never see each other's evidence.

Australian data residency

Hosted in Sydney (ap-southeast-2). Mindful of the Privacy Act 1988 and the OAIC Notifiable Data Breaches scheme so the 30-day clock isn't a surprise.

Essential 8 crosswalk built in

Every Annex A control carries the Essential 8 strategy it overlaps with — so the same evidence work satisfies two frameworks at once. No retro-mapping later.

No auto-admit on email domain

The first user from a new Microsoft tenant goes through a phone-based identity check before any tenant-scoped changes are allowed. Catalogue browsing is open; writes are gated.

Tamper-evident evidence

Every evidence file is hashed and the hash is in the audit log. Object Lock prevents in-place rewrites for the seven-year retention window an ISO 27001 audit expects.

Evidence runs on schedule, not on prayer

Evidence is pulled automatically every night, hashed, and stored. Per-tenant scheduling means no throttling, no manual collection, and a clean run log for the auditor.

Ready to see your readiness?

Sign in with your Microsoft work account to connect a tenant, or browse the full Annex A catalogue first to see what gets automated.