Home / ISO 27001 Glossary of Terms / Compliance with policies and standards for information security

Compliance with policies and standards for information security

13/09/2025

Author: Stuart Barker | ISO 27001 Expert and Thought Leader

Making sure your business follows its own rules for security. It means everyone must obey the policies and standards that protect important information. This helps keep data safe from harm, loss, or theft.

Examples

  • Employee training: An employee learns to spot a fake email (phishing) because the company’s security policy requires training.
  • Password rules: A worker creates a strong password for a new account because the company has a policy that all passwords must be complex.
  • Access control: A manager only lets certain people view sensitive files, as stated in the company’s security rules.

Context

This control is about putting your security plan into action. You can have great rules on paper, but they won’t work unless people actually follow them. This requires clear policies, training for all staff, and a way to check that everyone is doing what they should. It ensures that security is a part of daily work, not just a plan that sits on a shelf.

Relevant ISO 27001 Controls

The following controls from the ISO/IEC 27001:2022 standard are related to compliance with standards and policies:

About the author

Stuart Barker is an information security practitioner of over 30 years. He holds an MSc in Software and Systems Security and an undergraduate degree in Software Engineering. He is an ISO 27001 expert and thought leader holding both ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications. In 2010 he started his first cyber security consulting business that he sold in 2018. He worked for over a decade for GE, leading a data governance team across Europe and since then has gone on to deliver hundreds of client engagements and audits.

He regularly mentors and trains professionals on information security and runs a successful ISO 27001 YouTube channel where he shows people how they can implement ISO 27001 themselves. He is passionate that knowledge should not be hoarded and brought to market the first of its kind online ISO 27001 store for all the tools and templates people need when they want to do it themselves.

In his personal life he is an active and a hobbyist kickboxer.

His specialisms are ISO 27001 and SOC 2 and his niche is start up and early stage business.