Compliance •
ISO 27001 and Employee Monitoring: How Control 8.16 Requires Activity Monitoring
ISO 27001 employee monitoring is not optional for organizations pursuing certification. Control 8.16 in Annex A of the 2022 standard explicitly requires continuous monitoring of networks, systems, and applications for anomalous behavior. This guide explains exactly what the standard demands, which controls apply, and how to build a monitoring program that satisfies auditors while respecting employee privacy.
Disclaimer: This article provides informational guidance on ISO 27001 monitoring requirements and is not legal or certification advice. ISO 27001 implementation varies by organizational context and scope. Consult a qualified ISMS auditor or information security consultant for guidance specific to your organization.
What Is ISO 27001 and Why Does It Matter for Employee Monitoring?
ISO 27001 is the international standard for information security management systems (ISMS), published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Over 70,000 organizations worldwide hold ISO 27001 certification as of 2025 (ISO Survey of Management System Standard Certifications). The standard provides a systematic framework for managing sensitive company information so that it remains secure.
But what does an information security standard have to do with employee monitoring? More than most organizations realize. The 2022 revision of ISO 27001 restructured its Annex A controls from 114 to 93, and in that restructuring, it introduced control 8.16: Monitoring Activities as a standalone requirement. This control mandates that organizations actively monitor networks, systems, and applications for anomalous behavior, not just log events after they happen.
The distinction matters. Under the 2013 version, monitoring was bundled with logging under control A.12.4. Organizations could argue that passive log collection satisfied the requirement. The 2022 revision closed that gap. Monitoring is now its own control, and auditors expect evidence of active, continuous monitoring, not just log files sitting on a server.
For organizations pursuing or maintaining ISO 27001 certification, employee monitoring tools provide the technical infrastructure to satisfy multiple Annex A controls simultaneously. The activity logs, access records, and anomaly detection capabilities these tools provide map directly to what certification auditors verify during both Stage 1 (documentation review) and Stage 2 (implementation evidence) audits.
ISO 27001 Control 8.16: Monitoring Activities Explained
Control 8.16 in ISO 27001:2022 is titled "Monitoring Activities" and falls under the Technology category of Annex A controls. The control states that networks, systems, and applications shall be monitored for anomalous behavior and that appropriate actions shall be taken to evaluate potential information security incidents.
What does "anomalous behavior" mean in practice? The standard's implementation guidance specifies several categories of activity that monitoring should cover:
- Inbound and outbound network traffic: Unusual data transfers, connections to unfamiliar external services, and traffic patterns that deviate from established baselines
- System and application access: Login attempts outside normal hours, access to systems or files not related to an employee's role, repeated failed authentication attempts
- Configuration changes: Modifications to system settings, security policies, or access permissions, especially by users who do not typically perform administrative tasks
- Privileged user actions: Activities performed by administrators, database operators, or users with elevated permissions require heightened monitoring due to their potential impact
- Resource consumption: Unusual CPU, memory, storage, or bandwidth usage that may indicate malware, unauthorized processes, or data exfiltration
The control also requires that monitoring tools and activities be protected against tampering. Monitoring logs must be stored securely, with access restricted to authorized personnel. This prevents insiders from deleting evidence of their own anomalous behavior.
How Control 8.16 Differs from Control 8.15 (Logging)
Organizations frequently confuse logging with monitoring. Control 8.15 (Logging) requires the creation and protection of event logs. Control 8.16 requires the active analysis of those logs and system behaviors to detect anomalies. Consider the analogy of a security camera system: 8.15 requires recording; 8.16 requires someone actually watching the footage and responding to what they see.
In practical terms, an organization that collects application access logs (satisfying 8.15) but never reviews them for unusual patterns fails to meet 8.16. The monitoring control demands an active, ongoing process, not a passive archive.
All ISO 27001 Annex A Controls That Require Monitoring
Control 8.16 is the most explicit monitoring requirement, but it is not the only Annex A control where employee monitoring tools provide evidence. Seven additional controls directly benefit from or require monitoring capabilities:
| Control | Title | Monitoring Requirement |
|---|---|---|
| 5.7 | Threat Intelligence | Monitor for indicators of compromise and threat patterns across employee endpoints |
| 8.7 | Protection Against Malware | Monitor endpoints for unauthorized software installation and suspicious processes |
| 8.15 | Logging | Generate and protect event logs covering user activities, exceptions, and security events |
| 8.16 | Monitoring Activities | Active monitoring of networks, systems, and applications for anomalous behavior |
| 5.26 | Response to Information Security Incidents | Monitoring data provides the evidence trail for incident investigation and response |
| 8.5 | Secure Authentication | Monitor authentication events for brute force attempts, credential sharing, and unauthorized access |
| 5.15 | Access Control | Verify that access control policies are enforced through monitored access patterns |
| 8.12 | Data Leakage Prevention | Monitor for unauthorized data transfers, USB usage, and file exfiltration attempts |
An employee monitoring platform that tracks application usage, file activity, USB connections, and access patterns provides evidence across all eight of these controls. That consolidation is valuable during certification audits, where demonstrating cross-control coverage reduces the number of separate evidence artifacts auditors require.
What Audit Trail Evidence Do ISO 27001 Auditors Expect?
ISO 27001 certification involves a two-stage external audit. Stage 1 reviews documentation (policies, procedures, risk assessments). Stage 2 verifies that implemented controls actually function as documented. For monitoring-related controls, auditors typically request the following evidence during Stage 2:
Required Log Types
- Application access logs showing who accessed which applications, when, and for how long
- File access and modification records with timestamps, user identity, and file paths
- Authentication event logs covering successful logins, failed attempts, and account lockouts
- Privileged user activity logs documenting administrator actions across systems
- USB and removable media logs recording device connections, file transfers, and policy violations
- Network traffic summaries highlighting unusual data transfer volumes or external connections
- Alert and incident records showing that monitoring triggers were defined, fired, and acted upon
Log Integrity and Protection
Control 8.15 specifies that logging facilities and log information shall be protected against tampering and unauthorized access. Auditors verify this by checking that logs are stored in a centralized, access-controlled repository; that log data is encrypted in transit and at rest; that log retention periods are defined and enforced; and that a separation of duties exists between log generators and log reviewers.
Organizations using employee monitoring tools with built-in encrypted storage and role-based access control satisfy these requirements more easily than those cobbling together evidence from multiple disparate systems. A 2024 study by IT Governance found that 43% of ISO 27001 non-conformities during surveillance audits relate to inadequate monitoring and logging evidence, making this the single largest category of audit findings.
How to Implement ISO 27001 Compliant Employee Monitoring
Implementing monitoring that satisfies ISO 27001 while respecting privacy regulations requires a structured approach. The following six-step process aligns with the Plan-Do-Check-Act (PDCA) cycle that ISO 27001 itself is built upon.
Step 1: Define Your Monitoring Scope in the Statement of Applicability
The Statement of Applicability (SoA) lists which Annex A controls apply to your organization and why. For control 8.16, document what you will monitor (application access, file activity, network traffic, USB usage), what you will not monitor (personal devices, off-hours activity), and why your scope is proportionate to your identified risks. This document becomes the foundation auditors use to evaluate your monitoring program.
Step 2: Conduct a Risk Assessment Linking Monitoring to Identified Threats
ISO 27001 clause 6.1.2 requires risk assessment before control selection. Map specific risks, such as insider data theft, unauthorized application usage, or credential sharing, to monitoring controls that detect those risks. A monitoring tool that tracks file transfers addresses the risk of data exfiltration. Application usage monitoring addresses the risk of unauthorized software. The risk assessment creates a documented chain from identified threat to selected control to implemented monitoring.
Step 3: Select and Configure Monitoring Tools
Choose monitoring tools that cover the technical controls in your SoA. For most organizations, the minimum capabilities include application and website activity tracking, file access and modification logging, USB and removable media monitoring, real-time alerting for policy violations, centralized and tamper-resistant log storage, and role-based access to monitoring data. A single platform that provides all these capabilities simplifies both implementation and audit evidence collection.
Step 4: Establish Monitoring Baselines and Alert Thresholds
Control 8.16 references "anomalous behavior," which requires a baseline definition of normal behavior. Run your monitoring tool in observation mode for 2-4 weeks to establish baselines for typical application usage patterns, normal working hours, standard file access volumes, and expected data transfer sizes. Then configure alerts for deviations: access outside working hours, file transfers exceeding baseline volumes, connections to unauthorized applications, or login attempts from unusual locations.
Step 5: Create a Monitoring Review and Response Procedure
Active monitoring means nothing without a response process. Document who reviews monitoring data and how often (daily dashboard review, weekly detailed analysis), what constitutes a security incident versus a false positive, escalation procedures for confirmed anomalies, incident response timelines aligned with control 5.26, and how monitoring findings feed back into risk assessment updates. Auditors specifically check for evidence that monitoring alerts were investigated and resolved, not just generated.
Step 6: Document, Train, and Communicate
ISO 27001 clause 7.2 requires competence and clause 7.3 requires awareness. Train the security team on monitoring tool operation, alert triage, and incident response. Inform all employees about monitoring scope, purpose, and their rights. Document the monitoring policy as part of your ISMS documentation set. Employee awareness is not just a privacy requirement; ISO 27001 auditors check for evidence that staff understand the security controls that affect them.
Balancing ISO 27001 Monitoring with Employee Privacy
Every organization implementing ISO 27001 monitoring faces a tension: the standard demands comprehensive activity monitoring, while privacy regulations like GDPR, CCPA, and various national employment laws restrict what employers can collect. The good news is that these frameworks are compatible when the monitoring is designed correctly.
The Proportionality Principle
Both ISO 27001 and GDPR require proportionality. ISO 27001 clause 6.1.3 requires that selected controls be proportionate to assessed risks. GDPR Article 5(1)(c) requires data minimization. In practice, this means your monitoring should be the minimum necessary to address identified security risks, not the maximum your tools can technically collect.
For example, monitoring application usage patterns and file access satisfies control 8.16 for most organizations. Adding screen capture or keystroke logging may be disproportionate unless your risk assessment identifies specific threats (such as intellectual property theft in high-security environments) that less intrusive monitoring cannot address.
Work-Hours-Only Monitoring
Privacy regulators consistently rule that off-hours monitoring is disproportionate except in narrow circumstances. Configuring monitoring to activate only during scheduled work hours satisfies ISO 27001 (which is concerned with security during business operations) while respecting privacy boundaries. An employee monitoring platform that starts and stops with employee clock-in and clock-out provides this boundary automatically.
Transparency as a Shared Requirement
ISO 27001 control 6.2 requires information security awareness. GDPR Article 13 requires transparency about data processing. Both frameworks demand that employees know they are being monitored, what data is collected, and why. A single monitoring policy document, distributed during onboarding and reviewed annually, satisfies both requirements simultaneously.
Organizations that approach monitoring as a compliance exercise rather than a trust issue tend to achieve better outcomes. When employees understand that monitoring exists to protect the organization's data (and, by extension, their own personal data stored in company systems), acceptance rates increase. A 2024 Gartner survey found that 78% of employees accept workplace monitoring when the purpose is clearly communicated and limited to work-related activities.
5 ISO 27001 Monitoring Gaps That Cause Audit Non-Conformities
After working with organizations pursuing certification, certain monitoring gaps appear repeatedly during audits. Addressing these proactively reduces the risk of non-conformities and certification delays.
Gap 1: Logging Without Monitoring
The most common gap. Organizations collect logs (satisfying 8.15) but never actively review them (failing 8.16). Auditors ask: "Show me evidence that monitoring alerts were generated and investigated in the past 90 days." If you cannot produce investigation records, you have a non-conformity. The fix is straightforward: configure alerts for defined anomalies, assign review responsibility, and document investigations.
Gap 2: No Defined Baselines for "Normal" Behavior
You cannot detect anomalies without defining what is normal. Organizations that skip the baseline establishment phase (Step 4 above) either generate excessive false positives that overwhelm reviewers or set thresholds so high that real anomalies pass undetected. Both outcomes result in audit findings. Invest 2-4 weeks in baseline observation before configuring production alerts.
Gap 3: Privileged User Monitoring Gaps
Control 8.16 specifically calls out monitoring of privileged user actions. System administrators, database operators, and IT staff with elevated permissions represent the highest-risk user group for insider threats. The 2025 Verizon Data Breach Investigations Report found that privilege misuse was involved in 20% of breaches attributed to internal actors. If your monitoring excludes privileged users or applies less scrutiny to their activities, auditors will flag the gap.
Gap 4: Insufficient Log Retention
ISO 27001 does not prescribe specific retention periods, but auditors expect retention policies aligned with your risk assessment and legal obligations. If your monitoring tool automatically deletes logs after 30 days, you may lack evidence for incident investigations that emerge months later. Most organizations retain detailed activity logs for 90-180 days and aggregated reports for 12-24 months.
Gap 5: No Integration Between Monitoring and Incident Response
Control 5.26 (Response to Information Security Incidents) requires that monitoring findings feed into incident response. If your monitoring tool generates alerts but those alerts are not connected to your incident management process, you have a process gap. Define how monitoring alerts create incident tickets, who triages them, and what the escalation path looks like.
How eMonitor Supports ISO 27001 Certification
eMonitor is an employee monitoring and productivity platform that provides the technical monitoring capabilities ISO 27001 auditors verify. For organizations pursuing certification, eMonitor addresses multiple Annex A controls through a single platform.
Control 8.16 Coverage: Activity Monitoring
eMonitor's real-time activity monitoring tracks application usage, website access, and work patterns for every employee. The platform classifies applications as productive, non-productive, or neutral based on configurable rules, establishing the behavioral baselines that control 8.16 requires. When activity deviates from established patterns, the alert system notifies designated reviewers, creating the active monitoring loop auditors expect.
Control 8.15 Coverage: Logging
Every monitored activity generates a timestamped, immutable log entry stored in encrypted cloud storage. Log data includes user identity, application name, timestamps, duration, and activity classification. Role-based access control ensures that only authorized personnel (ISMS managers, security officers) can access raw monitoring data, satisfying the log protection requirements.
Control 8.12 Coverage: Data Leakage Prevention
eMonitor's DLP module monitors USB device connections, file access and modification events, and upload/download activities. Real-time alerts fire when employees connect unauthorized USB devices, access restricted files, or transfer data to unapproved cloud services. These capabilities directly address the data leakage prevention control.
Privacy by Design
eMonitor tracks activity only during work hours, starting when employees clock in and stopping when they clock out. Employee-facing dashboards provide transparency. Configurable monitoring levels let organizations match monitoring depth to their risk assessment, implementing the proportionality that both ISO 27001 and GDPR demand. Starting at $4.50 per user per month, the platform provides enterprise-grade monitoring capabilities accessible to organizations of any size pursuing certification.
Over 1,000 companies use eMonitor for workforce visibility and security compliance, with a 4.8/5 rating on Capterra from 57 verified reviews.
Maintaining Compliance Through Surveillance Audits
ISO 27001 certification is not a one-time achievement. After initial certification, organizations undergo surveillance audits annually (typically covering one-third of the ISMS scope per visit) and a full recertification audit every three years. Monitoring is a frequent focus area during surveillance audits because it generates ongoing evidence, unlike policies that are written once.
What Surveillance Auditors Check for Monitoring
During surveillance audits, auditors verify that monitoring is actually running (not just configured and forgotten), that alert thresholds have been reviewed and adjusted based on operational experience, that monitoring findings have been investigated and documented, that the monitoring scope still aligns with the current risk assessment, and that any changes to the IT environment (new applications, cloud migrations, remote work policies) are reflected in updated monitoring configurations.
Continuous Improvement Through Monitoring Data
ISO 27001 clause 10.1 requires continual improvement. Monitoring data is one of the richest sources of improvement evidence. Trends in alert volumes, types of anomalies detected, false positive rates, and incident response times all feed into the management review process (clause 9.3). Organizations that present monitoring trend data during management reviews demonstrate maturity that auditors recognize and reward with smoother audits.
A practical approach: generate a monthly monitoring summary report showing total alerts generated, alerts investigated, confirmed incidents, false positive rate, and average response time. This single report provides evidence for clauses 9.1 (performance evaluation), 9.3 (management review), and 10.1 (continual improvement).
ISO 27001 Monitoring vs. SOC 2 Monitoring: Key Differences
Organizations pursuing multiple certifications often ask how ISO 27001 monitoring requirements compare to SOC 2. While both frameworks require monitoring, they differ in structure and emphasis.
| Dimension | ISO 27001 | SOC 2 |
|---|---|---|
| Monitoring standard | Control 8.16 (Monitoring Activities) | CC7.2 (Monitor system components for anomalies) |
| Prescriptiveness | Defines what to monitor; implementation is risk-based | Defines trust service criteria; implementation is principle-based |
| Scope | Entire ISMS scope (can be limited to specific systems) | Systems and data relevant to the trust service criteria in scope |
| Audit evidence | Policies, procedures, logs, investigation records | Control descriptions, tests of operating effectiveness, log samples |
| Certification cycle | 3-year certificate with annual surveillance audits | Annual Type II report covering a 6-12 month observation period |
| Privacy integration | Control 5.34 addresses PII protection within the ISMS | Separate Privacy trust service category (optional) |
The practical advantage for organizations: a monitoring tool that satisfies ISO 27001 controls 8.15 and 8.16 typically provides sufficient evidence for SOC 2 CC7.1 and CC7.2 as well. Implementing one comprehensive monitoring program can serve both certification objectives, reducing duplication.
Getting Started: ISO 27001 Employee Monitoring Checklist
For organizations beginning their ISO 27001 certification journey or preparing for a transition audit from the 2013 to the 2022 version, use this checklist to verify your monitoring program covers the essentials:
- Statement of Applicability updated: Control 8.16 is included and justified with documented rationale
- Risk assessment links to monitoring: Identified risks map to specific monitoring controls
- Monitoring tool deployed: Covers application access, file activity, USB usage, and authentication events
- Behavioral baselines established: 2-4 weeks of observation data defines "normal" activity patterns
- Alert thresholds configured: Deviations from baselines trigger documented alerts
- Review process documented: Named reviewers, review frequency, and escalation procedures defined
- Incident response integration: Monitoring alerts feed into the incident management process
- Log protection verified: Encrypted storage, role-based access, tamper protection confirmed
- Retention periods defined: Aligned with risk assessment and legal requirements
- Employee notification completed: Monitoring policy communicated to all staff
- DPIA conducted: Privacy impact assessed if operating under GDPR or similar regulation
- Management review scheduled: Monitoring effectiveness review on annual audit calendar
Organizations that complete this checklist before their Stage 2 audit consistently report smoother certification experiences. The monitoring controls, when implemented properly, provide some of the clearest, most demonstrable evidence auditors encounter during certification assessments.
Frequently Asked Questions About ISO 27001 Employee Monitoring
Does ISO 27001 require employee monitoring?
ISO 27001 requires organizations to implement controls for monitoring activities, networks, and systems. Control 8.16 in Annex A of ISO 27001:2022 explicitly mandates that networks, systems, and applications be monitored for anomalous behavior and that appropriate actions be taken to evaluate potential information security incidents.
What is ISO 27001 control 8.16?
ISO 27001 control 8.16, titled Monitoring Activities, requires organizations to monitor networks, systems, and applications for anomalous behavior. It specifies that monitoring should cover inbound and outbound network traffic, system and application access, configuration changes, and actions performed by privileged users. The control became mandatory in the 2022 revision of the standard.
How does employee monitoring help ISO 27001 certification?
Employee monitoring provides the continuous activity logging, anomaly detection, and audit trail evidence that ISO 27001 auditors verify during certification. Monitoring tools generate the timestamped records required under controls 8.15 (Logging) and 8.16 (Monitoring Activities), reducing manual evidence collection and demonstrating ongoing compliance.
What monitoring logs does ISO 27001 require?
ISO 27001 control 8.15 requires event logs that record user activities, exceptions, faults, and information security events. Specific log types include application access logs, system administrator activity logs, file access and modification records, network traffic logs, authentication events, and security-relevant configuration changes. Logs must be protected against tampering and unauthorized access.
What changed in ISO 27001:2022 regarding monitoring?
ISO 27001:2022 introduced control 8.16 (Monitoring Activities) as a standalone requirement, separated from the logging controls. The 2013 version addressed monitoring under A.12.4, but the 2022 revision elevated monitoring to its own dedicated control. Active, continuous monitoring is now explicitly required rather than passive log collection.
Is keystroke logging required for ISO 27001?
ISO 27001 does not require keystroke logging specifically. The standard mandates monitoring of activities, access patterns, and security events, not individual keystrokes. Organizations satisfy control 8.16 through application usage monitoring, access logging, file activity tracking, and network monitoring without needing keystroke capture.
How often must ISO 27001 monitoring be reviewed?
ISO 27001 clause 9.1 requires performance evaluation at planned intervals. Most certification bodies expect continuous automated monitoring with regular human review. Organizations typically review monitoring dashboards daily, conduct detailed log analysis weekly, and perform formal effectiveness reviews during annual internal audits.
Can cloud-based monitoring tools satisfy ISO 27001?
Cloud-based monitoring tools satisfy ISO 27001 provided they offer encrypted data transmission, role-based access control, tamper-proof log storage, and data residency options. Organizations must also assess the cloud provider's security posture under control 5.19 (Information Security in Supplier Relationships) as part of supplier management.
What is the difference between ISO 27001 controls 8.15 and 8.16?
Control 8.15 (Logging) addresses the creation, storage, and protection of event logs. Control 8.16 (Monitoring Activities) addresses the active review and analysis of those logs to detect anomalies. In simple terms, 8.15 requires you to record events; 8.16 requires you to watch for suspicious patterns in those records and in real-time behavior.
Does ISO 27001 monitoring conflict with GDPR?
ISO 27001 monitoring and GDPR coexist when implemented correctly. The standard itself references privacy in control 5.34. Organizations satisfy both by conducting a DPIA, limiting collection to security-relevant activities, informing employees transparently, and defining retention periods. Work-hours-only monitoring with documented policies satisfies both frameworks.
ISO 27001 Employee Monitoring Is a Certification Requirement, Not an Option
The 2022 revision of ISO 27001 removed any ambiguity about monitoring. Control 8.16 requires active monitoring of systems, networks, and applications. Control 8.15 requires protected logging. Control 8.12 requires data leakage prevention. Together, these controls demand a monitoring infrastructure that generates, stores, and actively reviews employee activity data for security purposes.
For organizations pursuing certification, the practical path is clear: deploy monitoring tools that cover the Annex A controls in your Statement of Applicability, establish behavioral baselines, configure alert thresholds, document review procedures, and connect monitoring findings to incident response. The organizations that treat ISO 27001 employee monitoring as a core infrastructure investment, rather than a checkbox exercise, achieve certification faster, pass surveillance audits with fewer findings, and gain genuine security improvements alongside their certification.
The evidence is in the numbers. With 43% of audit non-conformities related to monitoring gaps (IT Governance, 2024) and 20% of internal breaches involving privilege misuse (Verizon DBIR, 2025), monitoring is not just a certification requirement. It is a security necessity.
Sources
- ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection, International Organization for Standardization
- ISO Survey of Management System Standard Certifications 2024, ISO
- IT Governance, "ISO 27001 Audit Non-Conformity Analysis," 2024
- Verizon, "2025 Data Breach Investigations Report"
- Gartner, "Workforce Monitoring Trends Survey," 2024
- European Data Protection Board, Guidelines on Monitoring of Electronic Communications in the Workplace
Recommended Internal Links
| Anchor Text | URL | Suggested Placement |
|---|---|---|
| employee monitoring software | https://www.employee-monitoring.net/features/employee-monitoring | Introduction or "What Is ISO 27001" section |
| real-time activity monitoring | https://www.employee-monitoring.net/features/activity-tracking | "How eMonitor Supports ISO 27001" section |
| DLP and data loss prevention | https://www.employee-monitoring.net/features/data-loss-prevention | "Control 8.12 Coverage" section |
| real-time alerts and notifications | https://www.employee-monitoring.net/features/real-time-alerts | "Monitoring Baselines and Alert Thresholds" section |
| GDPR employee monitoring guide | https://www.employee-monitoring.net/blog/gdpr-employee-monitoring-guide | "Balancing ISO 27001 with Privacy" section |
| employee activity tracking | https://www.employee-monitoring.net/features/app-website-tracking | "Control 8.16 Coverage" section |
| reporting and dashboards | https://www.employee-monitoring.net/features/reporting-dashboards | "Surveillance Audits" section |
| is employee monitoring ethical | https://www.employee-monitoring.net/blog/is-employee-monitoring-ethical | "Balancing with Privacy" section |
| eMonitor security practices | https://www.employee-monitoring.net/compliance/data-security | "Log Integrity and Protection" section |
| employee monitoring pricing | https://www.employee-monitoring.net/pricing | "How eMonitor Supports ISO 27001" section |