
ISO27001 – The International Standard for Information Security Management
ISO/IEC 27001:2022 is the international standard for managing information security within organisations. It was originally published in 2005 and has since been updated twice, first in 2013 and most recently in 2022. The standard sets out requirements for establishing, implementing, maintaining and continually improving an information security management system, or ISMS.
In a nutshell, ISO27001 requires organisations to systematically assess their information security risks, including threats, vulnerabilities and impacts, and then treat those risks through a comprehensive set of controls. The standard also requires ongoing review and reassessment so that the security controls continue to address the risks as they change over time.
There are other well-known information security standards published by various organisations and governments around the globe, including NIST and SOC2 in the USA and, in Australia, the ISM and Essential 8. However, ISO27001 is widely accepted as the only true global standard for information security management. As with other ISO standards, it is supported and managed by member organisations across 167 countries, ensuring that the standard is consistent and globally recognised.