ISO 27001

ISO 27001 Compliance Audit

The ISO/IEC 27001 international standard for “Information technology — Security techniques — Information security management systems — Requirements” was originally published by ISO and IEC in 2005 and is based on the earlier British standard BS 7799. Revised in 2013 and again in 2022, ISO/IEC 27001 specifies the requirements that your ISMS must meet for your organization to become certified to the standard. The requirements in ISO/IEC 27001 are supplemented by the guidance in ISO/IEC 27002, which is the source of the controls listed in Annex A of ISO/IEC 27001. ISO/IEC 27002 is well worth reading: it fills in some of the gaps in understanding how the requirements of ISO/IEC 27001 should be met and gives a clearer idea of what the auditor may be looking for.

  • Understand your company risk picture.
  • Protect your business from security threats.
  • Ensure data privacy (PII*) and integrity.
  • Avoid regulatory breaches and fines.
  • Prevent financial loss caused by a security breach.
  • Protect your company reputation.
  • Reduce the number of audits needed to meet contractual requirements.
  • Gain a competitive edge.
ISO 27001 Compliance Audit Methodology