ISO/IEC 27001

Discover the 12 basic requirements of the ISO/IEC 27001 international cybersecurity standard and how Fortra’s solutions are poised to help you comply.

What Is ISO/IEC 27001?

badges

ISO/IEC 27001 is an international standard that provides best practices for an information security management system (ISMS). This framework provides organizations with a comprehensive approach, which includes people, process, and technology. Certification is available for both organizations and individuals and demonstrates that the organization’s ISMS aligns to security best practices.

ISO/IEC 27001 Compliance Checklist

ISO/IEC 27001 is also known as ISO 27001 and is part of the ISO/IEC 27000 series. It was published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as a framework to design, implement, monitor, maintain, and continually improve an ISMS. There are more than 40 standards in the series, but this is the primary one because it defines the core requirements of an ISMS.

The requirements for ISO 27001 standard are:

Information Security Policies

Define, review, and approve policies along with documentation and communication with employees and business partners

Organization of Information Security

Define roles and responsibilities along with proper separation of duties to reduce unintentional or misuse of assets

Human Resource Security

Ensure employees and contractors need to be aware of their security responsibility

Asset Management

Discover, identify, and classify assets including systems and data

Access Control

Regulate and monitor users access to applications and data

Cryptography

Protect confidentiality and integrity of information

Operations Security

Identify and mitigate risks before they are exploited by bad actors

Communication Security

Protect communications from unauthorized access

System Acquisition, Development, and Maintenance

Implement security throughout the development lifecycle

Supplier Relationships

Mitigate risks with third-party business partners

Information Security Incident Management

Implement processes and procedures for limiting the impact of an incident

Compliance

Ensure organization adheres to applicable regulatory mandates

Fortra and the ISO/IEC 27001

Fortra’s portfolio of solutions for infrastructure protection and data security help organizations meet the ISO/IEC 27001 standard.

Human Resource Security

Asset Management

Access Control

Cryptography

Operations Security

Communications Security

System Acquisitions, Development, and Maintenance

Supplier Relationships

Information Security Incident Management

Compliance

Need more than ISO 27001 compliance? We can help.

From HIPAA to SOX, ITAR to GDPR, we’ve got the resources to help you comply with whatever compliance standard comes your way – now, and as they evolve. To find out more, chat with Fortra today.

Contact Us