Information Security & Cyber
Frameworks we cover and how ActiveERM helps you stay compliant and audit-ready.
ISO/IEC 27001:2022 defines an Information Security Management System (ISMS) and is the basis for certification; ISO/IEC 27002:2022 provides a comprehensive set of controls for information security. A SOC 2 report (AICPA Trust Services Criteria) demonstrates security, availability, processing integrity, confidentiality, and privacy to customers and auditors. The EU NIS2 Directive (Network and Information Security) applies to essential and important entities and requires risk management and incident reporting. ActiveERM helps you map controls to Annex A and TSC, collect continuous evidence, and stay audit-ready for certification and customer questionnaires. Explore our GRC & Compliance solution for information security and cyber resilience.
Whether you are pursuing ISO 27001 certification, a SOC 2 Type I or Type II report, or NIS2 compliance, you need a single place to document policies, link risks to controls, run internal audits, and collect evidence. ActiveERM automates evidence collection from identity providers, cloud services, and HR systems so your controls are demonstrated year-round—not only at audit time.