ISO 27001

ISO/IEC 27001:2013 (also known as ISO 27001) is the international standard for information security. It specifies the requirements for an information security management system (ISMS). The standard's best-practice approach helps organisations manage their information security by addressing people, processes and technology.

Who is it for?

ISO 27001 certification applies to any organisation that wishes, or is required, to formalise and improve its business processes around information security, privacy and the protection of its information assets.

As a result of ISO 27001 certification, your organisation can demonstrate that its people, processes, tools and systems adhere to a recognised framework.

The standard

The standard is divided into two parts. The first, main part consists of 11 clauses (0 to 10). The second part, Annex A, lists 114 controls, grouped under control objectives. Clauses 0 to 3 (Introduction, Scope, Normative references, Terms and definitions) are introductory. Clauses 4 to 10 (Context of the organization, Leadership, Planning, Support, Operation, Performance evaluation, Improvement) contain the requirements that are mandatory if the organisation wants to be compliant with the standard. Annex A supports those clauses with a list of controls that are not mandatory in themselves: they are selected, or excluded, on the basis of the risk assessment and risk treatment process, and the organisation must justify each inclusion and exclusion in its Statement of Applicability.