Intro to ISO 27001
ISO/IEC 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It states what an organisation must do; detailed implementation guidance for the individual controls lives in the companion standard ISO/IEC 27002.
ISO 27001 is designed to help organisations manage the security of information assets such as financial records, intellectual property, employee details, and information entrusted to them by third parties. The requirements for conforming to the standard are separated into two components:
- Clauses: the mandatory requirements for the management system itself (clauses 4 to 10), covering context, leadership, planning, support, operation, performance evaluation, and improvement. These define the framework the organisation follows when identifying, assessing, and treating risks.
- Controls: the reference set of specific measures listed in Annex A that an organisation selects and implements to treat the risks it has identified. Controls are chosen on the basis of the risk assessment, and the justification for including or excluding each one is recorded in the Statement of Applicability.
When auditing an organisation's conformance with this standard, the auditor should follow the ISO 19011 methodology for auditing management systems.