ISO/IEC 27001 is the international standard that specifies the requirements for an information security management system (ISMS).
ISO/IEC 27001 specifies requirements for establishing, implementing, maintaining and improving an ISMS within the context of the organization. It includes requirements for the assessment and treatment of information security risks tailored to each entity's needs.
The standard requires the organization to systematically identify, assess and treat its information security risks, and to keep evidence that this is done on a recurring basis rather than once before the audit.
The 2022 version of Annex A lists 93 controls organized into 4 themes: organizational (37), people (8), physical (14) and technological (34). The organization documents which of these apply to it, and why, in its Statement of Applicability.
Certification is issued by independent certification bodies that are themselves accredited for ISO/IEC 27001, not by consultants or by the organization's own internal auditors. A consultant can help prepare the ISMS, but the same firm cannot also certify it.
The 2022 version restructured Annex A from 114 controls in 14 domains to 93 controls in 4 themes, merging overlapping controls and adding 11 new ones (for example threat intelligence, cloud services and data leakage prevention). The main body of requirements (clauses 4-10), which is what an organization is actually certified against, had only minor changes.
The time to certification depends on the organization's size and security maturity. A gap analysis against the standard's clauses and Annex A is the only reliable way to estimate the real effort. As a rule of thumb, mid-sized organizations need 6 to 12 months from start to certification audit.
Certification is not legally mandatory in most jurisdictions, but customers in sectors such as finance, healthcare and government frequently require it contractually. Regulations such as GDPR do not name ISO/IEC 27001, but an ISMS certified against it is commonly used as evidence of the "appropriate technical and organisational measures" that Article 32 demands.
Assessment within 72 business hours. ISO methodology. No ties to certification bodies.