ISO develops international standards in a broad range of sectors. 

ISO/IEC 27001

ISO/IEC 27001 was developed to help organizations, regardless of size, sector, or country, protect their information in a systematic and cost-effective way by adopting an ISMS—a set of policies, procedures, processes, and systems that manage information risks. 

ISO/IEC 27001 certification is globally recognized as a benchmark of effective information asset management. Organizations that are ISO/IEC 27001certified go through a series of audits to demonstrate that they are fully compliant with its best practices for keeping confidential information secure. Benefits of achieving ISO/IEC 27001certification include: 

• Satisfying different commercial, contractual, and legal regulatory requirements, such as Sarbanes Oxley Act (SOX), NIST CSF, and the GDPR, as compliance with 27001 means selecting and implementing the same security controls these regulatory bodies require.
• Gaining a competitive advantage for winning new business and retaining customers; certification proves the organization has taken the steps to protect data confidentiality, integrity, and availability.

ISO/IEC 27001 released a new version in October 2022 designed to address growing global cybersecurity challenges and improve digital trust. It specifies requirements for how an organization can establish, implement, maintain, and continually improve its ISMS and includes guidance on how organizations can assess and treat their specific information security risks. 

ISO/IEC 27002 

ISO/IEC 27002 is not a certification; it is a set of guidelines that provide information security controls designed for organizations to use:

• When implementing 27001 
• When implementing information security controls
• For creating organization-specific information security management guidelines

ISO/IEC 27002 was updated in October 2022 to correspond to the new 27001 release.