ISO/IEC 27001
< ISO
| Status | Active |
|---|---|
| First published | October 2005 |
| Latest version | 2022 |
| Organization | |
| Committee | ISO/IEC JTC 1/SC 27 |
| Series | ISO/IEC 27000 family |
| Predecessor | BS 7799 |
| Domain | Information security |
| Website | www |
ISO/IEC 27001 is an information security standard. It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Organizations with an ISMS that meet the standard's requirements can choose to have it certified by an accredited certification body following successful completion of an audit. There are also numerous recognized national variants of the standard.
It was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, with revisions in 2013 and 2022.