ISO/IEC 27001

Information technology — Security techniques

(Information security management systems — Requirements)

ISO/IEC 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) in an organization. The requirements are grouped into a total of 10 clauses. Clauses 4 through 10 are mandatory for claiming conformity to ISO/IEC 27001 and cover the following:

  • Context of the Organization

  • Leadership

  • Planning

  • Support

  • Operation

  • Performance Evaluation

  • Improvement

ISO/IEC 27002 is the Annex A to ISO/IEC 27001. It contains a comprehensive list of control objectives and controls for information security risk treatment. The control objectives and controls are grouped into 14 domains with a total of 114 controls. The domains are as listed below:

Our Related Services

Our team of experienced consultants can assist in the following areas:

  • Establishing a compliance management solution for ongoing monitoring, maintenance, and maturation of your cybersecurity management/governance efforts

  • Performing risk analysis for resources and business processes in the target environment

  • Performing a gap analysis of your current cybersecurity management practice against the requirements of ISO/IEC 27001, and providing recommendations for closing identified gaps

  • Improving related business processes and developing or enhancing necessary security policies and procedures

Give us a call at 954-362-7113 or schedule an appointment for a free consultation to get started.
