ISO 27001 Request for Information

The ISO 27001 Standard

ISO/IEC 27001 is intended to be used together with ISO/IEC 27002, the Code of Practice for Information Security Management, which lists control objectives, controls, and implementation guidance. Organizations that implement an ISMS in accordance with ISO/IEC 27002 are likely to also meet the requirements of ISO/IEC 27001. ISO/IEC 27001 is the first in a family of information-security standards numbered in the 27000 series. They include:

  • ISO/IEC 27000 – a vocabulary or glossary of terms used in the ISO 27000-series standards
  • ISO/IEC 27002 – the code of practice
  • ISO/IEC 27003 – the ISMS implementation guide
  • ISO/IEC 27004 – the standard for information security measurement and metrics
  • ISO/IEC 27005 – the standard for risk management
  • ISO/IEC 27006 – the guide to the certification process
  • ISO/IEC 27007 – the guide for information security auditing
  • ISO/IEC 27010 – the guide for inter-sector and inter-organizational communications
  • ISO/IEC 27011 – the guide for telecommunications-based organizations
  • ISO/IEC 27019 – the guide for process control systems in the energy utility industry
  • ISO/IEC 27799 – Healthcare informatics – Information security in healthcare organizations

Control Objectives and Controls

In addition to the clauses of the ISO/IEC 27001 standard, a minimum set of control objectives and controls is located in the Annex (the Annex A controls). At a minimum, these objectives and controls shall form part of the ISMS. Additional objectives and controls may be necessary, depending on legal and regulatory requirements, customer requirements, and the organization’s own requirements.