ISO 27001 — ISO/IEC 27001 Information Security Management

What it is

ISO/IEC 27001 specifies requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) in the context of the organisation.

Jurisdiction: Global. Current edition: ISO/IEC 27001:2022.

Who it binds

Any organisation that wishes to demonstrate its information security management. Certification is voluntary, but it is required by many contracts, procurement processes and sectoral regulators.

Key obligations

  • A defined ISMS scope and a risk assessment
  • Risk treatment, with Annex A controls selected on the basis of the assessed risks
  • Internal audits and management reviews
  • Continual improvement, plus an external certification audit to obtain and maintain certification

How CCI addresses it

CySSURANCE maps Annex A controls to your estate and computes the coverage gap; EviGen automates the evidence bundle that ISO 27001 auditors require.

Official source

ISO/IEC 27001:2022

https://www.iso.org/standard/27001

The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.
