ISO/IEC 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), so that an organization protects its information assets in a holistic, risk-based manner rather than through isolated technical controls.
It is developed and maintained jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The first version (ISO/IEC 27001:2005) was published in 2005. At the time of writing the current version was ISO/IEC 27001:2013, with the next major revision expected from ISO/IEC in 2021 or early 2022. (That revision was in fact published as ISO/IEC 27001:2022 in October 2022; organizations certified against the 2013 edition are given a transition period to migrate.)
The standard covers people, processes and technology within the ISMS scope the organization defines, and addresses a broad range of risks and threats through a mandatory risk assessment and risk treatment process rather than a fixed checklist of controls. It also requires demonstrable commitment and support from top management, so that information security is owned at all levels of the organization rather than delegated to the IT department alone.
In addition to traditional cyber security controls, ISO 27001 covers areas such as business continuity and disaster recovery, human resource security and security awareness, physical protection of information (including non-digital records) and compliance with legal, contractual and regulatory requirements. It is considered one of the most comprehensive information security standards, extending far beyond technology and IT processes.
Large companies can spend several years implementing all the requirements before achieving certification. Note that certification is issued by an accredited third-party certification body after an audit, not by ISO itself, and must be maintained through periodic surveillance audits. Notably, and unlike other well-known security frameworks such as NIST SP 800-53 or NIST SP 800-171, which NIST publishes free of charge, the text of ISO 27001 is not freely available and must be purchased from the ISO website (or a national standards body) in PDF or paper format.