Framework: ISO/IEC 27001:2022
Okta backup and disaster recovery for ISO 27001
ISO/IEC 27001:2022 Annex A controls expect the identity layer underlying access management to have documented backup, restore, and continuity controls. Butterfly's Audit Pack maps to the access-control and continuity Annex A controls.
Scope
In-scope control families
- A.5.16 — Identity Management
- A.5.30 — ICT Readiness for Business Continuity
- A.8.5 — Secure Authentication
- A.8.13 — Information Backup
Coverage mapping
How Butterfly maps to ISO/IEC 27001:2022
A.5.16 — Identity Management
Point-in-time history of identity entities, restorable per resource type.
A.5.30 — ICT Readiness for Business Continuity
Restore Readiness Score is a continuous, evidence-able indicator that recovery is in fact ready.
A.8.13 — Information Backup
Scheduled, encrypted backups with retention; Audit Pack documents posture for the auditor.
FAQ
Can the Audit Pack be filtered to ISO 27001 only?
Yes. Framework-filterable; the ISO section is self-contained.
How does Butterfly support A.5.30 ICT readiness?
Restore Readiness Score + Restore preview + Audit Pack export with SHA-256 manifest.
Is Butterfly itself ISO 27001 certified?
Not currently. SOC 2 is the first attestation in flight. The Trust Center tracks the certification roadmap honestly.
Other frameworks