LogBook360
ISO/IEC 27001

Get ISO 27001 certified with evidence auditors trust

Annex A.7 physical entry controls are among the top audit findings worldwide. LogBook360 closes every visitor management gap with tamper-evident logs, digital NDAs, and auto-expiring badges.

Visitor management gaps are the #1 nonconformity in ISO 27001 Stage 2 audits.
ISO 27001 Audit Checklist
Visitor register maintained and protected
Temporary badges issued and returned
NDA signed by all non-staff visitors
Escorts logged for secure-area access
Entry and exit timestamps recorded
Access logs retained per retention policy
Audit-ready. Zero gaps detected.
ISO 27001 coverage
Annex A.7: Physical entry
Annex A.5: Policies
Annex A.9: Access control
Audit reality

What ISO 27001 auditors actually check

Certifiers walk your reception. They ask your front desk staff to demonstrate the process. They pull 30-day logs and spot-check NDA signatures. This is what they look for.

Annex control
7.2 Physical Entry Controls
Auditors physically test your reception. They ask to see the visitor register, check badge expiry, and request NDA evidence for the last 30 days.
Annex control
7.4 Physical Security Monitoring
Your CCTV and access logs must be reviewed regularly. Stranger detections must be documented. Gaps in monitoring are an immediate finding.
Annex control
A.5.33 Information Retention
Visitor records must be retained per a documented policy and auto-deleted when the retention window closes. Paper logs cannot prove this.
Annex control
A.5.3 Segregation of Duties
Role-based permissions determine who can view, export, or delete visitor data. RBAC must be enforced and auditable.
Control mapping

Every Annex A requirement. Every LogBook360 feature.

Annex A control | Requirement | LogBook360 control
A.7.2 | Visitor access control procedures | Structured check-in/out with identity verification and host confirmation
A.7.2 | Visitor registers and audit logs | Complete immutable visitor register with timestamps, photos, and NDA
A.7.2 | NDA and confidentiality obligations | Digital NDA presented and signed at every kiosk check-in
A.7.2 | Escort and supervision logging | Host assignment and escort field captured in every visit record
A.7.1 | Physical access badge management | Auto-expiring visitor badges with QR invalidation on departure
A.7.3 | Clearance and authorization workflows | Approval workflows for sensitive-area visits before entry grants
A.7.4 | Physical security monitoring integration | Live FR event feed with stranger detection and alert archiving
A.5.24 | Security incident and event logging | Emergency log exports and watchlist-match records for incident reports
Non-compliance risk

What happens when you fail the audit

ISO 27001 certification is increasingly a procurement requirement. Failing an audit or suffering a breach without it exposes you to regulatory, contractual, and reputational consequences across every jurisdiction you operate in.

India
DPDP Act 2023 | Up to INR 250 crore (~USD 30M) | Personal data breach due to inadequate controls
IT Act Section 43A | Compensation to affected parties (unlimited) | Negligent handling of sensitive personal data
Contract termination | Entire project revenue lost | ISO 27001 requirement in client contracts

United States
GDPR (EU ops) | 4% of global revenue or EUR 20M | Data breach linked to inadequate physical access controls
FTC Act Section 5 | Up to USD 51,744 per violation per day | Unfair or deceptive security practices
Contractual loss | Fortune 500 contracts typically require ISO 27001 | No certification = no enterprise procurement

Global
UK GDPR | Up to GBP 17.5M or 4% global turnover | Breach tracing back to physical access failures
Reputation damage | Avg. 28% stock drop after breach disclosure (IBM) | Public breach without demonstrable controls in place
Cyber insurance | 30-40% premium increase without ISO 27001 | Underwriters now require evidence of certified ISMS

Real enforcement
Marriott International | USD 124M fine | GDPR breach, inadequate physical access logs allowed intruder access to cardholder data
Morgan Stanley | USD 35M SEC fine | Failure to properly dispose of data-bearing equipment, traced to access control documentation gaps
Meta (UK) | GBP 17.5M (ICO) | Multiple breaches attributed to inadequate physical and logical access controls

Certification path

From zero to certified in 10-16 weeks

1. Gap analysis (1-2 weeks): Identify where your current visitor and physical security controls fall short of Annex A requirements.
2. Remediation (4-8 weeks): Deploy LogBook360, configure RBAC, NDA workflows, and retention policies to close the gaps.
3. Stage 1 audit (1 week): Document review. Certifier checks your ISMS documentation and evidence binders.
4. Stage 2 audit (1-2 weeks): On-site assessment. Auditors walk your reception, test visitor handling, and review logs.
5. Certification (2-4 weeks): Certificate issued. Valid for 3 years with annual surveillance audits.

Who certifies you

Top ISO 27001 certification bodies

All are UKAS or ANAB accredited. LogBook360 audit exports are accepted as evidence by every body below.

BSI | #1 | British Standards Institution | Best for: Brand prestige, global orgs | UK, Europe, Global
SGS | #2 | SGS Group | Best for: Global reach, large enterprises | Worldwide
Bureau Veritas | #3 | Bureau Veritas | Best for: Broad industry coverage | Europe, Global
NQA | #4 | NQA Certification | Best for: Mid-market, transparent pricing | UK, US, Europe
TUV SUD | #5 | TUV Sud AG | Best for: Technical/engineering focus | Europe, Germany

Implementation partners

Firms that implement ISO 27001 for you

These firms specialize in gap analysis and remediation. LogBook360 integrates with their evidence collection workflows.

Schellman | Excellent | ISO 27001, SOC 2, CMMC, NIST | Multi-framework, tech/SaaS focus
A-LIGN | Very Good | ISO 27001, SOC 2, CMMC, NIST | High volume, efficient processes
BARR Advisory | Excellent | ISO 27001, SOC 2, CMMC | Cloud/SaaS heavy, implementation + remediation
Prescient Security | Strong | ISO 27001, SOC 2, NIST | Mid-market, hands-on implementation

Start closing ISO 27001 gaps today

Our compliance team will map your current visitor process to every Annex A control and show you exactly what evidence LogBook360 generates for your certifier.