Insight Horizon Media

What is the ISO 27001 standard?

Author

Daniel Rodriguez

Published Mar 11, 2026

What is the ISO 27001 standard?

ISO/IEC 27001 (also written ISO27001) is the international standard for information security management. It sets out the requirements for an information security management system (ISMS). The edition most of this page refers to, ISO/IEC 27001:2013, has since been superseded by ISO/IEC 27001:2022, which restructured the Annex A control set; new certifications are issued against the 2022 edition.

What is the difference between ISO 27001 and 27002?

The key difference between ISO 27001 and ISO 27002 is that ISO 27002 is designed to be used as a reference for selecting and implementing security controls when building an Information Security Management System (ISMS) based on ISO 27001. Organisations can be certified to ISO 27001 but not to ISO 27002, because ISO 27002 contains guidance rather than auditable requirements.

What is iso2700x?

ISO 27001 provides the requirements for an Information Security Management System (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems, and is driven by a risk management process: risks are identified and assessed, and controls are selected to treat them.

What are the security standards?

A security standard is “a published specification that establishes a common language, and contains a technical specification or other precise criteria and is designed to be used consistently, as a rule, a guideline, or a definition.” The goal of security standards is to improve the security of information technology ( …

What does the ISO 27001 2013 standard do?

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.

Is ISO 27002 a framework?

ISO 27002 is not a framework an organisation certifies against; it is a code of practice that gives best-practice guidance on implementing the controls listed in Annex A of ISO 27001. The independent, expert assurance that information security is managed in line with international best practice comes from ISO 27001 certification, which audits the ISMS against the requirements of that standard.

How do I comply with ISO 27001?

ISO 27001 registration/certification in 10 easy steps

  1. Prepare.
  2. Establish the context, scope, and objectives.
  3. Establish a management framework.
  4. Conduct a risk assessment.
  5. Implement controls to mitigate risks.
  6. Conduct training.
  7. Review and update the required documentation.
  8. Measure, monitor, and review.

Is ISO 27001 a legal requirement?

In most countries, implementation of ISO 27001 is not mandatory. However, some countries have published regulations that require certain industries to implement ISO 27001.

What are 3 domains of information security?

When we discuss data and information, we must consider the CIA triad. The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security.

What is the difference between ISO 27001 and ISO 27002?

The difference is that ISO 27001 has an organisational focus and sets out the requirements against which an organisation’s Information Security Management System (ISMS) can be audited and certified. ISO 27002, on the other hand, is a code of practice: it describes how the individual controls in Annex A of ISO 27001 can be implemented and is aimed at the people within the organisation responsible for selecting and implementing those controls. It contains no auditable requirements of its own.

What is ISO 27001 standards?

ISO 27001 is the international standard for Information Security Management. Certification demonstrates a clear commitment to Information Security Management to third parties and stakeholders. It can provide a framework to ensure the fulfilment of commercial, contractual and legal responsibilities.

What is ISO 27001 certification process?

Certification runs on a three-year cycle with an accredited certification body:

  • Stage 1 audit: a review of the ISMS documentation and of the organisation’s readiness for the full audit
  • Stage 2 audit: an assessment of whether the ISMS is actually implemented and effective; the certificate is awarded on successful completion
  • Surveillance audit 1 (usually annual, or more frequent depending on scope, risk and size)
  • Surveillance audit 2
  • Third-year re-certification audit: a more detailed evaluation of the whole ISMS before the certificate is renewed

What is ISO 27001 certified?

ISO/IEC 27001 specifies a management system that is intended to bring information security under management control and gives specific requirements. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit.