ISO 27001 does not specify technologies to be implemented as part of security controls - each company must choose a technology that is the best fit for their circumstances.

When choosing a technology, you should take into account the following:
- The risks you identified during the risk assessment
- Security requirements specified in regulations, requirements from your customers, and from other interested parties
- Management decisions, i.e., the level of budget and the prioritization of investments