THALES BLOG

From Compliance to Confidence: How Thales Helps You Meet ISO/IEC 27001:2022 Head-On

July 17, 2025

Romain Deslorieux | Director, Strategic Partnerships | Thales

The digital threat landscape today is unrecognizable from 2013, with each year bringing new tech trends and threats. Distributed and hybrid workforces, cloud-native architectures, a culture of bring-your-own-everything, more cunning and sophisticated adversaries, Artificial Intelligence, and AI agents have redefined how entities think about data security.

In response, the ISO/IEC 27001 standard (long considered a cornerstone of cybersecurity governance) was revised in 2022 to help companies manage these emerging risks and operational realities.

Here’s what changed between the 2013 and 2022 versions:

  • New threats, new controls: 11 new controls were added to reflect cloud use, data lifecycle protection, and threat intelligence.
  • Fewer, smarter categories: The number of controls was streamlined from 114 to 93 and grouped into four clear themes: Organizational, People, Physical, and Technological.
  • More focus on data-centric security: Controls now call for proactive protection of sensitive data through masking, deletion, and leakage prevention.
  • Cloud and SaaS are front and center: The standard recognizes the complexity of securing hybrid environments, cloud infrastructure, and API-driven workflows.
  • Shift to continuous assurance: Organizations are expected to monitor and respond to security events in real time; prevention alone is no longer enough.
  • Alignment with modern frameworks: The standard now harmonizes better with Zero Trust, NIST, and risk-based approaches to security governance.

The result? ISO/IEC 27001:2022 is more aligned with today’s risks and more demanding. The need to operationalize controls in cloud, hybrid, and decentralized environments means that traditional security approaches are no longer sufficient.

Where Thales Adds Value

Thales supports your compliance journey with a comprehensive, cloud-ready portfolio built to help meet the demands of ISO/IEC 27001:2022. Our solutions address six essential categories, each designed to map to the control areas and evolving risks outlined in the updated standard.

1. Threat Detection and Intelligence

Leverage threat intelligence and behavioral analytics to detect and respond to evolving risks. Monitor data access and system activity across multi-cloud and hybrid environments. Support controls for threat intelligence, monitoring, and event management.

2. Cloud Data Security

Encrypt data across all cloud platforms, at rest, in motion, and in use. Keep control of your encryption keys, even when data resides in the public cloud. Ensure data confidentiality and integrity in shared responsibility environments.

3. Data Discovery and Classification

Identify and classify sensitive information across your data estate. Automate tagging and policy enforcement based on data type and sensitivity. Enable downstream controls like masking, encryption, and secure deletion.

4. Data Loss Prevention

Protect sensitive data from unauthorized access, sharing, or exfiltration. Apply tokenization, granular encryption, and user access controls. Limit internal and external threats while meeting compliance mandates.

5. Application and API Protection

Shield web applications and APIs from known and unknown threats. Use machine learning to detect bots, business logic abuse, and DDoS attacks. Ensure resilience for customer-facing digital services.

6. Identity and Access Management (IAM)

Strengthen user authentication with adaptive MFA and policy-based access. Support Zero Trust by ensuring the right people access the right data at the right time. Centralize identity governance across cloud and on-premise systems.

Thales Solutions and ISO/IEC 27001:2022 Controls

Thales delivers technology that supports ISO/IEC 27001:2022 compliance and improves operational resilience, visibility, and control.

The following table is a non-exhaustive mapping of how Thales products support the revised ISO/IEC 27001:2022 controls.

| ISO 27001:2022 Control | Thales Product(s) | Solution |
|---|---|---|
| A.5.7 – Threat Intelligence | Imperva Application Security; DSPM | Deliver proactive threat detection, behavioral analysis, and event correlation |
| A.5.23 – Use of Cloud Services | CipherTrust Data Security Platform; DSPM | Encryption, access policies, and data classification secure data in multi-cloud environments |
| A.8.10 – Data Deletion | CipherTrust Data Security Platform | Enable secure erasure of data via crypto-shredding or automated deletion workflows |
| A.8.11 – Data Masking | CipherTrust Data Security Platform | Protect sensitive fields through tokenization and masking to minimize exposure |
| A.8.12 – Data Leakage Prevention | CipherTrust Data Security Platform; Identity and Access Management | Prevent exfiltration through user access controls, policy enforcement, and encryption |
| A.8.16 – Monitoring Activities | Imperva Application Security | Real-time monitoring of access and activity for apps, APIs, and databases |
| A.5.15 / A.5.17 – Access Control & Identity Verification | Identity and Access Management | Deliver risk-based access policies, SSO, and adaptive authentication across services |

Build Security That Goes Beyond Compliance

Achieving ISO/IEC 27001:2022 certification is a milestone, but maintaining trust, continuity, and resilience in the face of evolving threats requires more. Thales helps you go further by embedding security into every layer of the infrastructure, data, and identity stack.

Visit our ISO 27001:2022 solutions hub to explore how we can help accelerate your compliance and strengthen your business in the long term.