ISO 27001
Definition
ISO/IEC 27001 is the international standard for information security management. It gives organisations a framework for establishing, implementing, operating and continually improving an Information Security Management System (ISMS): the policies, risk assessment process, roles and controls through which an organisation manages its information security risks.
The standard specifies the requirements an ISMS must meet in order to be certified. Its Annex A lists a reference set of security controls; in the 2022 revision these are 93 controls grouped into four themes: organisational, people, physical and technological controls (the 2013 revision listed 114 controls in 14 domains). Annex A is a reference catalogue rather than a mandatory checklist: an organisation selects the controls that address its own assessed risks and documents, in a Statement of Applicability, which controls it has adopted and why the others are excluded.
Certification is voluntary but is increasingly demanded by clients, partners and government agencies as evidence that information security is managed systematically. The route to certification typically involves a gap assessment against the standard, implementation of the missing controls and processes, and an audit by an accredited certification body. Certification is then maintained through periodic surveillance audits and a recertification audit at the end of the certificate's validity period.
ISO 27001 also aligns well with regulations such as NIS2 and DORA: an organisation that is already ISO 27001-certified has a strong foundation for meeting their risk management, incident handling and governance requirements, although certification on its own does not constitute compliance with either regulation.