ISO/IEC 27001
What is ISO/IEC 27001?
ISO/IEC 27001: The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified.
ISO/IEC 27001 is the leading international standard for information security management, jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The current 2022 edition specifies requirements for establishing, operating, monitoring, and continually improving an Information Security Management System (ISMS), including risk assessment, statement of applicability, and management review. Annex A lists 93 reference controls aligned with ISO/IEC 27002. Organizations can obtain accredited third-party certification, which is widely recognized in B2B contracts, public procurement, and supply-chain due diligence around the world.
● Examples
- 01: A SaaS provider achieving ISO/IEC 27001 certification to win European enterprise contracts.
- 02: A bank using an ISMS to manage regulatory and operational risk.
● Frequently asked questions
What is ISO/IEC 27001?
The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified. It belongs to the Compliance & Frameworks category of cybersecurity.
What does ISO/IEC 27001 mean?
The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified.
How do you defend against ISO/IEC 27001?
ISO/IEC 27001 is a management standard, not a threat to defend against; the controls it requires an organization to implement typically combine technical controls and operational practices, as described in the full definition above.
What are other names for ISO/IEC 27001?
Common alternative names include: ISO 27001, 27001.