The international standard that specifies the requirements for an information security management system (ISMS); certification against it is among the most widely recognized security certifications an organization can hold.
ISO/IEC 27001 sets out the requirements for establishing, implementing, maintaining and continually improving an ISMS. It is risk-based: the organization assesses its information security risks, selects controls to treat them, and compares that selection against the Annex A control catalogue to confirm nothing necessary has been omitted. The chosen controls, and the justification for any Annex A control excluded, are recorded in the Statement of Applicability.
Certification by an accredited body is valid for three years, with annual surveillance audits in between and a recertification audit at the end of the cycle. The current version is ISO/IEC 27001:2022, which reorganized Annex A into 93 controls grouped under four themes: organizational, people, physical and technological. A certificate attests that the ISMS meets the standard's requirements within the scope stated on the certificate, not that the organization is secure; when relying on a supplier's certification, check that scope covers the systems and services in question.