ISO 27001


ISO 27001 Information Security Management Systems is an international standard for information security. ISO 27001’s best-practice approach helps organisations manage their information security by addressing people, processes, and technology.

Breakdown of requirements

15 sections, 35 sub-sections, 114 controls

Best suited for

Any business that wishes to implement a risk-based security program and/or achieve ISO 27001 certification. The standards set out under the ISO 27000 family propose a risk-based approach to managing information security. Some organisations choose to implement the standard in order to benefit from the best practice it contains, while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed.

Can a business be certified or assessed against this standard?

Businesses can pay for an independent review of their information security program to achieve certification against this standard. Certifications last for 3 years and require a surveillance assessment to be conducted in year 1 or 2.

Who can assess or audit a business against this standard?

Accredited ISO certification providers

Governed by

International Organization for Standardization (ISO)

Region focus


How can InfoSecAssure help you align to this standard or framework?

Discover the power of InfoSecAssure, your ultimate ally in safeguarding your business! Unveil a seamless journey towards ISO 27001 compliance as our platform offers expert guidance throughout the assessment process. Unravel vital insights into control requirements, conduct efficient control testing, and grasp the exact evidence an auditor seeks. Behold the magic of instant dashboard feedback, unveiling your outstanding achievements. Additionally, create meticulously detailed reports that seamlessly align findings with risks and controls. Join InfoSecAssure today and unlock the realm of security and success for your business!

Book a free demonstration or talk to one of our team today to uncover how we can help ensure you align to standards while also understanding your risks and knowing what action to take to keep your business secure.