
ISO/IEC 27001: Information security, cybersecurity and privacy protection — Information security management systems — Requirements

ISO/IEC 27001 is the standard for Information Security Management Systems (ISMS). It specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS within the context of an organization:

"Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard." 1

It is part of the ISO/IEC 27000 family, which provides standards for establishing information security management in organizations.

The three principles of information security in ISO/IEC 27001 are the so-called CIA triad: Confidentiality, Integrity, Availability.


Footnotes

  1. ISO/IEC 27001:2022 (en), retrieved 20.05.2025