pulumi · danbiwer · Jun 11, 2026
diff --git a/config/_default/menus.yml b/config/_default/menus.yml
@@ -353,18 +353,22 @@ reference:
     parent: reference-pre-built-policy-packs
     identifier: reference-pre-built-policy-packs-hitrust
     weight: 3
+  - name: ISO/IEC 27001
+    parent: reference-pre-built-policy-packs
+    identifier: reference-pre-built-policy-packs-iso-27001
+    weight: 4
   - name: NIST
     parent: reference-pre-built-policy-packs
     identifier: reference-pre-built-policy-packs-nist
-    weight: 4
+    weight: 5
   - name: PCI DSS
     parent: reference-pre-built-policy-packs
     identifier: reference-pre-built-policy-packs-pci-dss
-    weight: 5
+    weight: 6
   - name: Pulumi Best Practices
     parent: reference-pre-built-policy-packs
     identifier: reference-pre-built-policy-packs-pulumi-best-practices
-    weight: 6
+    weight: 7
 
 # -------------------------------------
 # Insights Policy Menu Section Headers

diff --git a/content/docs/insights/policy/policy-packs/pre-built-packs.md b/content/docs/insights/policy/policy-packs/pre-built-packs.md
@@ -36,6 +36,7 @@ The following pre-built policy packs are available out of the box in Pulumi Clou
 | **CIS 8.1** | [AWS](/docs/reference/pre-built-policy-packs/cis/aws/), [Azure](/docs/reference/pre-built-policy-packs/cis/azure/), [Google Cloud](/docs/reference/pre-built-policy-packs/cis/google-cloud/) | Enforces CIS 8.1 controls to help organizations implement industry-recognized security best practices and benchmarks across multiple cloud providers. |
 | **CIS Kubernetes** | [AWS (EKS)](/docs/reference/pre-built-policy-packs/cis-kubernetes/aws/), [Azure (AKS)](/docs/reference/pre-built-policy-packs/cis-kubernetes/azure/), [Google Cloud (GKE)](/docs/reference/pre-built-policy-packs/cis-kubernetes/google-cloud/) | Enforces CIS Kubernetes Benchmark controls for managed Kubernetes services, helping organizations secure their container orchestration platforms with industry-recognized best practices. |
 | **HITRUST CSF 11.5** | [AWS](/docs/reference/pre-built-policy-packs/hitrust/aws/), [Azure](/docs/reference/pre-built-policy-packs/hitrust/azure/), [Google Cloud](/docs/reference/pre-built-policy-packs/hitrust/google-cloud/) | Provides predefined controls that align cloud resources with HITRUST CSF requirements, helping organizations enforce security and compliance baselines across multiple providers. |
+| **ISO/IEC 27001:2022** | [AWS](/docs/reference/pre-built-policy-packs/iso-27001/aws/) | Enforces ISO/IEC 27001:2022 Annex A controls for AWS resources, helping organizations align their cloud infrastructure with the international standard for information security management. |
 | **NIST SP 800-53** | [AWS](/docs/reference/pre-built-policy-packs/nist/aws/) | Enforces NIST SP 800-53 rev. 5 security and privacy controls for AWS resources, helping federal agencies and organizations meet rigorous compliance requirements. |
 | **PCI DSS v4.0.1** | [AWS](/docs/reference/pre-built-policy-packs/pci-dss/aws/) | Enforces PCI DSS v4.0.1 compliance controls for AWS resources, ensuring payment card data security and helping organizations meet payment card industry standards. |
 | **Pulumi Best Practices** | [AWS](/docs/reference/pre-built-policy-packs/pulumi-best-practices/aws/), [Azure](/docs/reference/pre-built-policy-packs/pulumi-best-practices/azure/), [Google Cloud](/docs/reference/pre-built-policy-packs/pulumi-best-practices/google-cloud/) | Offers a foundational set of recommended governance and security controls, serving as a strong starting point for organizations seeking comprehensive security coverage. |