Skip to content
SecurityAligned to controls

ISO/IEC 27001 Information Security Management

Desha.ai operates an information-security programme aligned to the ISO/IEC 27001:2022 control set (Annex A) and a risk-based Information Security Management System (ISMS). Formal certification is on our roadmap; today we map our controls to the standard and can share that mapping.

Request documentation Last reviewed June 2026
DESHA.AI Trust Center

ISO 27001

ISO/IEC 27001 Information Security Management
Status: Aligned to controls
Jurisdiction: International
Reviewed: June 2026

At a glance

Standard
ISO/IEC 27001:2022
Controls
93 Annex A controls, 4 themes
Approach
Risk-based ISMS
Certification
On roadmap (aligned today)

Information Security Management System

Our ISMS defines security objectives, a risk-assessment and treatment methodology, a Statement of Applicability, and a cycle of review and continual improvement. Security is owned at leadership level.

Annex A control themes

ThemeCoverage
OrganisationalPolicies, roles, supplier security, threat intel, incident management
PeopleScreening, awareness training, responsibilities, joiner/mover/leaver
PhysicalSecure cloud facilities, equipment and media handling
TechnologicalAccess control, cryptography, secure development, logging, backup, vulnerability management

Engineering practices

  • Secure SDLC with code review and dependency/vulnerability scanning.
  • Least-privilege access, MFA, and centralised audit logging.
  • Encryption in transit and at rest; managed key lifecycle.
  • Regular backups with tested restoration and business continuity.
  • Independent penetration testing with remediation tracking.

Honest status

We describe ourselves as “aligned to ISO 27001 controls,” not certified. When certification is achieved the certificate and scope will be published here. Reviewers may request our current control mapping and Statement of Applicability summary under NDA.

Documentation available on request

  • ISO 27001 control mapping / Statement of Applicability summary
  • Penetration-test executive summary
  • Information-security policy summary

Provided to qualified reviewers under a mutual NDA via contactus@desha.ai.

This page summarises Desha.ai’s posture for due-diligence review and does not disclose internal systems or security-sensitive detail. It is informational and not a warranty or legal advice. For contractual terms request our DPA / BAA at contactus@desha.ai.