Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice, and delivers an independent, expert assessment of whether your data is adequately protected.
What Is ISO 27001?
ISO 27001 is an information security standard first published in 2005 and superseded by an updated version in 2013. It specifies the requirements for establishing, operating and continually improving an information security management system (ISMS). Certification is optional: it is earned by passing an official ISO 27001 audit conducted by an independent, accredited certification body, and is valid only while the organization continues to pass periodic surveillance audits.
Who Oversees It?
The standard is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which is why its full designation is ISO/IEC 27001.
ISO 27001 Structure
The body of the standard (clauses 4 to 10) sets out the mandatory ISMS requirements: context, leadership, planning, support, operation, performance evaluation and improvement. Annex A then lists the reference controls used to treat the risks the ISMS identifies. There are currently 114 controls in 14 groups; an organization selects the ones its risk assessment justifies and records each inclusion or exclusion, with reasons, in its Statement of Applicability, which auditors check against the implemented controls.
Control groups include:
- Information Security Policies
- Organization of Information Security
- Human Resource Security
- Asset Management
- Access Control
- Cryptography
- Physical and Environmental Security
- Operations Security
- Communications Security
- System Acquisition, Development and Maintenance
- Supplier Relationships
- Information Security Incident Management
- Information Security Aspects of Business Continuity Management
- Compliance
For more information about the ISO 27001 standard, and a detailed look at the controls and requirements an ISO 27001 audit covers, please see the official standard website.