ISO/IEC 27001

Whether it's risk management, encryption, audit trails and reporting, or continuous monitoring, Fortra can help your organization comply with the rigorous demands of ISO/IEC 27001 certification.

What Is ISO/IEC 27001?


ISO/IEC 27001 (ISO 27001:2013) is also known as ISO 27001 and is part of the ISO/IEC 27000 series. It was published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as a framework to design, implement, monitor, maintain, and continually improve an Information Security Management System (ISMS). ISO/IEC 27001 accreditation requires an organization to bring information security under explicit management control. To achieve ISO 27001, organizations are formally audited and certified. Whilst not every organization will accredit to ISO 27001, many organizations globally use the standard to measure their security policies, processes and controls to ensure that:

  • Data handling practices comply with security requirements and sensitive data is protected and managed according to established policies
  • User activities comply with appropriate access and usage of sensitive data
  • Data at rest and in transit is encrypted, protecting sensitive information from unauthorized access and ensuring compliance with cryptographic controls
  • Detailed logs and audit trails are maintained, ensuring that all actions are recorded and anomalies can be detected promptly
  • Data transfers are secure and comply with security policies, preventing unauthorized interception or access during transmission  

ISO/IEC 27001 Compliance Checklist


There are more than 40 standards in the series, but this is the primary one because it defines the core requirements of an ISMS.

The requirements of the ISO 27001 standard are:

  • Information Security Policies
  • Organization of Information Security
  • Human Resource Security
  • Asset Management
  • Access Control
  • Cryptography
  • Operations Security
  • Communication Security
  • System Acquisition, Development, and Maintenance
  • Supplier Relationships
  • Information Security Incident Management
  • Compliance

Fortra and ISO/IEC 27001

Fortra’s portfolio of solutions for infrastructure protection and data security helps organizations meet the ISO/IEC 27001 standard.

Human Resource Security

Asset Management

Access Control

Cryptography

Operations Security

Communications Security

System Acquisitions, Development, and Maintenance

Supplier Relationships

Information Security Incident Management

Compliance

Fortra Can Help You Comply with ISO 27001

Risk Management

Assists in identifying and mitigating security risks by providing visibility into data flows and potential vulnerabilities, aligning with ISO 27001’s risk management requirements. 

Encryption and Data Security

Provides encryption of data both in transit and at rest, ensuring that sensitive information is secure from potential breaches, in accordance with ISO 27001 guidelines.

Audit Trails and Reporting

Offers comprehensive audit trails and reporting capabilities to document security events, access patterns, and data handling practices, supporting the auditing and continuous improvement processes required by ISO 27001.

Incident Response and Management

Enables swift detection and response to security incidents, helping organizations meet ISO 27001’s requirements for managing and mitigating security events. 

Continuous Compliance Monitoring

Provides tools to continuously monitor and assess compliance with ISO 27001 standards, ensuring that security measures are always aligned with regulatory requirements.

Need more than ISO 27001 compliance? We can help.

From HIPAA to SOX, ITAR to GDPR, we’ve got the resources to help you comply with whatever compliance standard comes your way – now, and as they evolve. To find out more, chat with Fortra today.