ISO 27001

ISO/IEC 27001:2022 is a standard for information security management systems (ISMS) that provides guidance for establishing, implementing, maintaining, and continually improving an information security management system [1]. It is the world’s best-known standard for ISMS and is applicable to companies of any size and from all sectors of activity [1]. The standard defines requirements that an ISMS must meet and provides a tool for risk management, cyber-resilience, and operational excellence [1]. The standard was most recently established in 2022 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) [1]. It replaces the previous version, ISO/IEC 27001:2013, and includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization [2].