United Kingdom
Select regional store:

ISO 27001, the International Information Security Standard

What is ISO 27001?

ISO 27001 (ISO/IEC 27001:2013) is the international standard that provides the specification for an information security management system (ISMS). 

The Standard is designed to help organisations manage their information security processes in line with international best practice while optimising costs.

ISO 27001 is technology and vendor neutral and is applicable to all organisations - irrespective of their size, type or nature.

What is an ISMS?

An ISMS provides a systematic approach to managing information security. It consists of policies, procedures and other controls involving people, processes and technology to help organisations protect and manage all their data

To find out more about what an ISMS is, download our free infographic.

ISO 27001 benefit one - Protect your data

Learn more about
ISO 27001

Download free reports, brochures, infographics and green papers to guide you through your ISO 27001 project.

View free
ISO 27001 Resources

ISO 27001 benefit two - Meet contractual and regulatory obligations with customised documentation

Get certified to
ISO 27001

Understand the ISO 27001 certification process, how to best go about it and discover solutions to support your project.

Get started with ISO 27001 certification

ISO 27001 benefit three- Reduce costs and save money

Achieve an ISO 27001 qualification

Gain industry-leading qualifications, and the practical skills to implement and audit an ISO 27001-compliant ISMS. 

View ISO 27001 Training and Qualifications

ISO 27001 benefit four - Increase your attack resilience

Simplify your ISO 27001 project

Implement ISO 27001 certification quickly and hassle-free with DIY packages, internal audits, managed services and more.

Shop ISO 27001

ISO 27001 and risk management

ISO 27001 emphasises the importance of risk management, which forms the cornerstone of an ISMS. All ISO 27001 projects evolve around an information security risk assessment - a formal, top management-driven process which provides the basis for a set of controls that help to manage information security risks.

By implementing an ISO 27001-compliant ISMS, organisations will be able to secure information in all its forms, increase their resilience to cyber attacks, adapt to evolving security threats and reduce the costs associated with information security.

ISO 27001 clauses and controls

Part of the ISO 27000 family of standards, ISO 27001 consists of 114 controls (from Annex A) and 10 management system clauses that together support the implementation and maintenance of an ISMS.

While ISO 27001 offers the specification for an ISMS, the Standard is supported by its code of practice for information security management, ISO/IEC 27002:2013.

Download the ISO 27001 management system clauses infographic

What is ISO 27001?

ISO/IEC 27001: 2013 controls

  • A.5 Information security policies
  • A.6 Organisation of information security
  • A.7 Human resources security
  • A.8 Asset management
  • A.9 Access control
  • A.10 Cryptography
  • A.11 Physical and environmental security
  • A.12 Operational security
  • A.13 Communications security
  • A.14 System acquisition, development and maintenance
  • A.15 Supplier relationships
  • A.16 Information security incident management
  • A.17 Information security aspects of business continuity management
  • A.18 Compliance

Information Security & ISO 27001 – An introduction - free pdf download

Download our free guide to ISO 27001

Discover the importance of ISO 27001 and how the standard can help you meet your legal and regulatory obligations.

Download now

ISO 27001 benefits

ISO 27001 is one of the most popular information security standards in the world, with certifications growing by more than 450% in the past ten years.

It is recognised globally as a benchmark for good security practice and enables organisations to achieve accredited certification following the successful completion of an audit.

ISO 27001 supports compliance with a host of laws, including the EU GDPR (General Data Protection Regulation) and the NIS Regulations (Network and Information Systems Regulations).

Learn more about the benefits of ISO 27001 certification

ISO 27001 benefit one - Protect your data

Protect your data, wherever it lives

An ISO 27001-compliant ISMS helps protect all forms of information, whether digital, paper-based or in the Cloud.

ISO 27001 benefit two - Meet contractual and regulatory obligations with customised documentation

Meet contractual and regulatory obligations

Certification demonstrates an organisation’s commitment to information security and provides a valuable credential when tendering for new business.

ISO 27001 benefit three- Reduce costs and save money

Reduce costs associated with information security

Thanks to the risk assessment and analysis approach of an ISMS, organisations can reduce costs spent on indiscriminately adding layers of defensive technology that might not work. 

ISO 27001 benefit four - Increase your attack resilience

Increase your attack resilience

Implementing and maintaining an ISMS will significantly increase your organisation’s resilience to cyber attacks.

ISO 27001 benefit five - Respond to evolving security threats - Protect your reputation

Respond to evolving security threats

Constantly adapting to changes both in the environment and inside the organisation, an ISMS reduces the threat of continually evolving risks.

ISO 27001 benefit six - Improve in-house company culture

Improve company culture

The Standard’s holistic approach enables employees to readily understand risks and embrace security controls as part of their everyday working practices.

Demonstrating GDPR compliance with ISO 27001 and ISO 27701

ISO/IEC 27701:2019 is an extension to ISO 27001, which expands its requirements to cover privacy management – including the processing of personal data/PII (personally identifiable information).

Implementing both ISO 27701 and ISO 27001 will enable you to meet the privacy and information security requirements of the EU GDPR and other data protection regimes, and demonstrate that you have management arrangements in place for “appropriate technical and organisational measures” to protect the personal data you process and uphold data subjects’ rights, in line with the EU GDPR’s accountability principle (Article 5(2)).

Learn more about ISO 27701

How to implement an ISO 27001-compliant ISMS

Implementing an ISO 27001-compliant ISMS involves several steps, of which the following are the most important:

  • Scoping the project
  • Securing management commitment and budget
  • Identify interested parties, and legal, regulatory and contractual requirements
  • Conduct a risk assessment
  • Review and implement the required controls
  • Develop internal competence
  • Develop the appropriate documentation
  • Conduct staff awareness training
  • Continually measure, monitor, review and audit the ISMS
  • Get certified

Discover our ISO 27001 implementation checklist and solutions

Ready to simplify your security? Let’s get started

Having led the world’s first ISO 27001 certification project, we are the global pioneer of the Standard. Let us share our expertise and support you on your journey to ISO 27001 compliance.

How IT Governance can help you

  • Our implementation methodology has been honed over 15 years.
  • We are known as the global authority on ISO 27001 – our management team led the world’s first ISO 27001 certification project (formerly known as BS 7799).
  • We offer everything you need to implement an ISO 27001-compliant ISMS – you don’t need to go anywhere else.
  • We guarantee certification (provided you follow our advice!).
  • You benefit from real-world practitioner expertise, not just academic knowledge.
  • We have trained more than 7,000 professionals on ISO 27001 implementations and audits worldwide.
  • We’ve helped more than 600 consultancy clients achieve certification to and compliance with ISO 27001.
  • We have a proven and pragmatic approach to assessing compliance with international standards, no matter the size or nature of your organisation.
  • Our pricing and proposals are completely transparent, so you won’t get any surprises.
  • We can help small organisations prepare for ISO 27001 certification in three months.
This website uses cookies. View our cookie policy