ISO 27001, published by the International Organization for Standardization (ISO), is a set of globally standardized requirements and guidelines that ensure an organization is following best practices for protecting sensitive information.
The goal of ISO 27001 is to help companies and IT departments pinpoint potential areas of security weakness through risk assessment and then put safeguards into place in order to prevent future attacks, breaches, or loss of data.
What ISO 27001 Covers
ISO 27001 requires management to examine the organization’s security risks in depth, develop a comprehensive risk management plan, and ensure that security controls are reviewed and updated on a regular basis. ISO 27001 covers six security areas along with fourteen domains (categories). The six security areas are:
- Company security policy
- Asset management
- Physical & environmental security
- Access control
- Incident management
- Regulatory compliance
The domains covered by ISO 27001 include the following:
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operational security
- Communications security
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance