ISO 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005 and then revised in 2013. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. A European update of the standard was published in 2017. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit.
There are 114 controls in 14 groups and 35 control categories:A.5: Information security policies (2 controls)A.6: Organization of information security (7 controls)A.7: Human resource security - 6 controls that are applied before, during, or after employmentA.8: Asset management (10 controls)A.9: Access control (14 controls)A.10: Cryptography (2 controls)A.11: Physical and environmental security (15 controls)A.12: Operations security (14 controls)A.13: Communications security (7 controls)A.14: System acquisition, development and maintenance (13 controls)A.15: Supplier relationships (5 controls)A.16: Information security incident management (7 controls)A.17: Information security aspects of business continuity management (4 controls)A.18: Compliance; with internal requirements, such as policies, and with external requirements, such as laws (8 controls)
