ISO 27001
Annex A.8.8 Vulnerability Management.
ISO 27001:2022 introduced Annex A control A.8.8 (Management of Technical Vulnerabilities) as one of the 93 controls organisations must address. Centraleyezer provides a systematic, evidence-backed approach to this control and the surrounding information security framework.
How Centraleyezer covers ISO 27001
Centraleyezer maps directly to the technical requirements, with built-in evidence collection so audits are fast.
Management of technical vulnerabilities
Centraleyezer provides a complete, documented vulnerability management process: discovery, risk scoring, prioritisation, assignment, remediation, and verification. The full lifecycle is logged and reportable for ISO 27001 audits.
Configuration management
The asset inventory integrates configuration data, enabling correlation between configuration drift and vulnerability exposure, a common ISO 27001 audit finding.
Information security for use of cloud services
Cloud asset discovery (AWS, Azure, GCP) ensures cloud-hosted resources are included in the vulnerability scope, a frequent gap in ISO 27001 audits.
Information security during disruption
Business Continuity Planning is supported by asset criticality scoring that identifies which vulnerabilities, if exploited, would disrupt critical operations.
Statement of Applicability and audit evidence
Centraleyezer exports vulnerability metrics, trends, and remediation SLA adherence data your team can use to evidence A.8.8 implementation in your ISO 27001 documentation. Centraleyezer does not generate the certification report itself; your ISMS team owns that.
Read more
- ISO 27001 A.8.8: what auditors test
Auditor testing procedures, common non-conformities, and a 10-item evidence checklist.
- CVSS scores aren't enough: contextual RBVM
Why 'risk-based' prioritisation must go beyond CVSS for A.8.8 conformity.