ISO 27001

ISO 27001 is the international standard for information security. It is often a requirement of clients that want to do business with you, and in that case an internationally recognised, accredited certification is usually expected. Examples of accredited certification include a UKAS-accredited certificate in the UK and an ANAB-accredited certificate in the US. Read the ISO 27001 FAQ below.

ISO 27001 FAQ

What does ISO 27001 mean?

ISO 27001 is the name and designation given to the international standard for information security. It specifies an information security management system (ISMS): a set of information security policies, documents, controls and processes for the management of information security. Because it is a standard, an organisation can be assessed against it and a certificate can be issued to demonstrate that it meets the requirements of the standard.

What is the purpose of the ISO 27001 standard?

There are two goals for the ISO 27001 standard. The first is to provide a benchmark and framework against which businesses can operate for best practice in information security protection. The second is to enable a business to demonstrate, through independent certification, that it meets the requirements of the international standard for information security, and thereby provide assurance that the business is operating to a certain level.

Does ISO 27001 cover GDPR?

ISO 27001 can provide a framework to satisfy aspects of GDPR, especially around principle 6 (maintaining adequate security). It does not make you GDPR compliant and it does not satisfy all of the requirements of the GDPR. Consider it a complementary standard and complementary framework.

What is the current version of ISO 27001?

At the time of writing ISO/IEC 27001:2013 is the most current version of the standard and incorporates changes made in 2017.

How do I check if a company is ISO 27001 certified?

The easiest way is to request a copy of their most up-to-date certificate and scope statement. Check the date of the certificate to ensure that it is still valid, and check that the scope statement actually covers the services you are buying. The certificate will tell you the name of the certification body. You can then search the certification body's website for a register of companies that it has certified, and confirm that the certification body itself is accredited.

Is ISO 27001 a legal requirement?

In general, no. It can be a requirement of a regulatory body or of a contract, but it is not a legal requirement in the widest sense of the law, unlike the GDPR, which is a law.

Is ISO 27001 mandatory?

ISO 27001 is only mandatory if an industry regulator mandates it or a contract between you and a customer or supplier mandates it. It is a risk-based framework, and as such even the controls within the standard are not mandatory: which controls apply is determined by your risk assessment.

Who does ISO 27001 apply to?

The ISO 27001 standard and ISO 27001 certification apply to any business that wants to operate to it and demonstrate best practice in information security management. The number one reason we see a business adopt ISO 27001 certification is commercial gain, typically because a customer has asked for it as a condition of a commercial contract.

Is ISO 27001 a framework?

Yes. ISO 27001 is a framework made up of policies, documents, controls and processes. It is a risk-based framework with continual improvement at its heart. It requires top-level leadership commitment.
