ISO/IEC 27001 is an international standard that provides guidance for managing information security. It is the best-known standard for information security management systems (ISMS) in the world.
The standard was originally published in 2005, revised in 2013, and most recently in 2022. The 2022 version includes a condensed set of 93 Annex A controls, including 11 new controls.
The standard’s main principles are confidentiality, integrity, and availability, which are commonly referred to as the C-I-A triad. It provides guidance for organizations of any size or sector to:
- Establish, implement, maintain, and improve an ISMS
- Assess and treat information security risks
- Comply with legal and regulatory requirements related to information security
Organizations that comply with ISO/IEC 27001 demonstrate that they have a system in place to manage the security of their data and that they follow the best practices and principles of the standard.