Compliance & Frameworks
ISO/IEC 27001
Also known as: ISO 27001, 27001
Definition
The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified.
Examples
- A SaaS provider achieving ISO/IEC 27001 certification to win European enterprise contracts.
- A bank using an ISMS to manage regulatory and operational risk.
Related terms
ISO/IEC 27002
An international code of practice that provides detailed guidance and implementation advice for the information security controls listed in ISO/IEC 27001 Annex A.
SOC 2
SOC 2 — definition coming soon.
NIST Cybersecurity Framework
A voluntary risk-based framework published by the U.S. National Institute of Standards and Technology that organizes cybersecurity outcomes into six core functions.
Security Controls
Safeguards or countermeasures — technical, administrative, or physical — used to prevent, detect, or respond to threats against information assets.
Compliance
The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.
Security Posture
Security Posture — definition coming soon.