Home / ISO 27001 Glossary of Terms

ISO 27001 Glossary of Terms

11/09/2025

Author: Stuart Barker | ISO 27001 Expert and Thought Leader

This ISO 27001 Glossary provides clear, concise definitions for all key terms in the ISO 27001 standard. An essential resource for professionals, students, or anyone navigating the world of information security, this guide will help you understand the standard and its requirements. It includes every term from access control to vulnerability, serving as a valuable reference.

Table of contents

A

Acceptable use

Access control

Access Rights

Addressing information security with supplier agreements

Antivirus

Asset Register

Assessment and decision on information security events

Audit

Audit Scope

Auditor

Authentication

Authentication Information

Availability

B

Backup

Backdoor

Base measure

Baseline

Benchmark

Behavioural controls

Board of Directors

Boundary

Breach

BS 7799

Business Continuity

Business Continuity Plan (BCP)

Business Impact Analysis (BIA)

Business Management System (BMS)

Business context

C

CIA Triad

Change Management

Classification of information

Collection of evidence

Compliance with policies and standards for information security

Confidentiality

Contact with authorities

Contact with special interest groups

Continual improvement

CCPA

D

Defence in depth

Disaster Recovery (DR)

Documented Information

Documented operating procedures

DORA

DDoS

I

Identification of legal, statutory, regulatory and contractual requirements

Identity Management

Information Security

Information Security Management System

Information Security Officer

Information Security Roles and Responsibilities

Information security event

Information security for use of cloud services

Information security during disruption

Information security in project management

Information security in supplier relationships

Information security incident management planning and preparation

Information Transfer

Integrity

Intellectual property rights

Internal Audit

Internal Issues

Interested Parties

Inventory of assets

ISO 27001:2013

ISO 27001:2022

ISO 27002:2022

ICT readiness for business continuity

Independent review of information security

E

Encryption

External Issues

G

GDPR

H

HIPAA

L

Labelling of information

Learning from information security incidents

Least privilege

M

Management Responsibilities

Managing information security in the ICT supply chain

Monitoring, review and change management of supplier services

N

Need-to-Know

NIS2

P

Policies

Policies for Information Security

Protection of records

Privacy and protection of PII

Protection of Systems During Audit Testing

Privilege Creep

R

Risk Owner

Role-based access control (RBAC)

Return of assets

Response to information security incidents

S

Scope

Scope Statement

Segregation of Duties

SOC 2

Supplier Agreement

T

Test Information

Threat Intelligence

U

User access management

V

Virus

Vulnerability

About the author

Stuart Barker is an information security practitioner of over 30 years. He holds an MSc in Software and Systems Security and an undergraduate degree in Software Engineering. He is an ISO 27001 expert and thought leader holding both ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications. In 2010 he started his first cyber security consulting business that he sold in 2018. He worked for over a decade for GE, leading a data governance team across Europe and since then has gone on to deliver hundreds of client engagements and audits.

He regularly mentors and trains professionals on information security and runs a successful ISO 27001 YouTube channel where he shows people how they can implement ISO 27001 themselves. He is passionate that knowledge should not be hoarded and brought to market the first of its kind online ISO 27001 store for all the tools and templates people need when they want to do it themselves.

In his personal life he is an active and a hobbyist kickboxer.

His specialisms are ISO 27001 and SOC 2 and his niche is start up and early stage business.