Compliance

ISO 27001

An international standard for information security management systems (ISMS) — the most widely recognised security certification.

ISO/IEC 27001 is an international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

Key Components

  • Risk assessment — identify threats and vulnerabilities
  • Security controls — 93 controls across 4 themes (organizational, people, physical, technological)
  • Continuous improvement — regular audits and reviews
  • Certification — awarded by accredited certification bodies after a successful audit

Relationship to GDPR

ISO 27001 helps demonstrate compliance with GDPR Article 32 (security of processing). While ISO 27001 certification is not required by the GDPR, it provides strong evidence of appropriate security measures.

Related Terms

GDPRLegal

The General Data Protection Regulation — the EU's comprehensive data protection law, effective since May 2018.

PCI DSSCompliance

Payment Card Industry Data Security Standard — a set of security requirements for organisations that handle credit card data.

SOC 2Compliance

A compliance framework for service organisations based on five trust service criteria: security, availability, processing integrity, confidentiality, and privacy.

Audit TrailCompliance

A chronological record of system activities that provides evidence of who did what, when, and why.