ISO 27001
ISO/IEC 27001:2022 ISMS
Overview
ISO/IEC 27001:2022 is the international standard for Information Security Management Systems (ISMS). IOF has established its ISMS with risk assessment, incident response procedures, and business continuity planning. A Stage 1 (documentation) gap analysis is scheduled for 2026 Q4, followed by Stage 2 (operational) certification in 2027.
Scope
Applies to all IOF information assets: source code, production infrastructure (AWS ECS), edge layer (Cloudflare Workers), authentication (Clerk), billing data (Stripe), and engineering systems (GitHub).
Key Controls
- Risk register with assessed and mitigated risks
- Access control policy: least privilege, ABAC via Cerbos
- Cryptography policy: TLS 1.3 in transit, AES-256 at rest
- Incident response procedure with 24h customer notification SLA
- Business continuity: multi-region, health checks, circuit breakers
- Supplier relationship management: sub-processor register with DPA
- Change management: Git-based, PR-reviewed, CI-validated
Certification & Audit
Accredited ISO 27001 certification body (selection in progress)
2026 Q4 — Stage 1 gap analysis; 2027 — Stage 2 certification
Evidence Bundle
Evidence bundle available on request
Contact compliance@islamicopenfinance.com to request the evidence pack for this framework. We typically respond to audit requests within two business days.