Skip to content
Home / Function (NIST CSF 2.0) / GV - Govern / RM - Risks Mgt

ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements

This document focuses on:

ISO 27001 is an internationally recognized standard that provides a comprehensive framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) within any organization. Its primary goal is to protect the confidentiality, integrity, and availability of information by systematically identifying and managing security risks through risk assessment and the implementation of appropriate controls. The standard is structured around a set of mandatory clauses (covering areas such as organizational context, leadership, planning, support, operation, performance evaluation, and improvement) and Annex A, which lists 93 controls grouped into organizational, people, physical, and technological categories. By following ISO 27001, organizations can demonstrate their commitment to data security, comply with legal and regulatory requirements, and reduce the likelihood of data breaches or other information security incidents


Publication's URL

https://www.iso.org/standard/27001

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *