Home / ISO 27001 Glossary of Terms / Information security in project management

Information security in project management

13/09/2025

Author: Stuart Barker | ISO 27001 Expert and Thought Leader

Information security in project management means protecting a project’s data and information from harm. It’s about making sure that the information used in a project stays confidential (private), has integrity (is accurate), and is available (can be accessed when needed). Think of it as building a strong fence around a garden. The fence keeps the plants safe from pests, just like information security keeps project data safe from threats.

Examples

  • Protecting plans: A project team needs to create a new mobile app. The plans for the app, including its features and code, are very secret. Using information security, the team keeps these plans on a secure computer system with passwords so only the right people can see them.
  • Securing communications: When team members talk about the project, they use secure email or chat apps. This stops others from reading their messages. This is like whispering a secret in someone’s ear instead of shouting it in a crowded room.

Context

When managing a project, there are many risks. A risk is something that could go wrong. Some risks are about money or time. Other risks are about information. Information security helps manage these risks. It’s not just a one-time thing. It’s a process that happens at every step of a project, from the very beginning to the very end. The project manager is responsible for making sure these security steps are followed.

Relevant ISO 27001 Controls

The following controls from the ISO/IEC 27001:2022 standard are related to access control:

About the author

Stuart Barker is an information security practitioner of over 30 years. He holds an MSc in Software and Systems Security and an undergraduate degree in Software Engineering. He is an ISO 27001 expert and thought leader holding both ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications. In 2010 he started his first cyber security consulting business that he sold in 2018. He worked for over a decade for GE, leading a data governance team across Europe and since then has gone on to deliver hundreds of client engagements and audits.

He regularly mentors and trains professionals on information security and runs a successful ISO 27001 YouTube channel where he shows people how they can implement ISO 27001 themselves. He is passionate that knowledge should not be hoarded and brought to market the first of its kind online ISO 27001 store for all the tools and templates people need when they want to do it themselves.

In his personal life he is an active and a hobbyist kickboxer.

His specialisms are ISO 27001 and SOC 2 and his niche is start up and early stage business.