Standard guide
ISO 27001: the information security standard
ISO 27001 is the international standard for an information security management system (ISMS). This guide covers the ISO 27000 family, what ISO 27001 certification involves, and how to approach ISO 27001 implementation.
The basics
What is ISO 27001?
ISO 27001 implementation, step by step
ISO 27001 implementation means defining scope, running a risk assessment, selecting Annex A controls and producing a Statement of Applicability — the evidence base an auditor reviews for certification.
A management system
ISO 27001 defines the requirements for an ISMS — a risk-based system for managing information security across people, process and technology.
The ISO 27000 family
ISO 27001 sits within the wider ISO 27000 family, with ISO 27002 providing control guidance and ISO 27701 extending the ISMS to privacy.
Certification
ISO 27001 certification is awarded by an accredited body after an audit, and is increasingly demanded by customers and regulators alike.
The road to ISO 27001 certification
Scope and context
Define ISMS boundaries and interested parties.
Risk assessment
Identify, analyse and treat information security risk.
Statement of Applicability
Justify which Annex A controls apply.
Audit
Stage 1 and Stage 2 audits lead to ISO 27001 certification.
Where to next
Tool and train
GRC tooling
Keep your SoA and control evidence audit-ready.
Privacy
ISO 27701 and GDPR extend the ISMS to personal data.
NIS2
An ISO 27001 ISMS is a strong basis for NIS2 measures.
ISO 27001 FAQs
What is ISO 27001?
The international standard specifying the requirements for an information security management system (ISMS).
What is ISO 27001 certification?
Independent confirmation by an accredited certification body that your ISMS meets the ISO 27001 requirements.
How does ISO 27701 relate?
ISO 27701 extends an ISO 27001 ISMS with privacy information management, aligning it with obligations like GDPR.
Move toward ISO 27001 certification.
Build the ISMS in a hands-on workshop and tool it with open-source GRC.