ISO 27001
ISO/IEC 27001 Information Security Management
ISO/IEC 27001 is the leading international standard for information security management systems (ISMS). It provides a risk-based framework of policies, procedures, and controls that organisations use to protect the confidentiality, integrity, and availability of information. Certification, issued after an independent audit, shows customers and regulators that security is managed systematically.
At its heart, ISO 27001 requires organisations to identify information risks and treat them using a set of controls, many of which are drawn from the standard's Annex A. Rather than prescribing specific technologies, it focuses on a repeatable management cycle: plan, implement, monitor, and improve.
Certification is achieved through a two-stage external audit and maintained with periodic surveillance audits and a full recertification every three years. It is widely requested in enterprise procurement and is often the foundation on which other compliance efforts, such as SOC 2, are built.
