Framework: ISO/IEC 27001:2022
Okta backup and disaster recovery for ISO 27001
ISO/IEC 27001:2022 Annex A controls expect the identity layer underlying access management to have documented backup, restore, and continuity controls. Butterfly's Audit Pack maps to the access-control and continuity Annex A controls.
Scope
In-scope control families
- A.5.16 – Identity Management
- A.5.30 – ICT Readiness for Business Continuity
- A.8.5 – Secure Authentication
- A.8.13 – Information Backup
Coverage mapping
How Butterfly maps to ISO/IEC 27001:2022
A.5.16 – Identity Management
Point-in-time history of identity entities, restorable per resource type.
A.5.30 – ICT Readiness for Business Continuity
Restore Readiness Score is a continuous, evidence-able indicator that recovery is in fact ready.
A.8.13 – Information Backup
Scheduled, encrypted backups; target retention per plan with enforcement migrating from soft to scheduled prune. Audit Pack documents posture for the auditor.
FAQ
Can the Audit Pack be filtered to ISO 27001 only?
Yes. Framework-filterable; the ISO section is self-contained.
How does Butterfly support A.5.30 ICT readiness?
Restore Readiness Score + Restore preview + Audit Pack export with SHA-256 manifest.
Is Butterfly itself ISO 27001 certified?
Not currently. SOC 2 is the first attestation in flight. The Trust Center tracks the certification roadmap honestly.
Other frameworks