Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is the ISO 27001 security standard?

The ISO/IEC 27001 standard provides requirements for information security management systems (ISMS). Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the ISO 27001 security standard is a set of best practices that support organizations in managing their information security by addressing people, processes, and technology. The standard applies to organizations of any size or type and is technology- and vendor-neutral.


‍The ISO/IEC 27001 standard engages a risk-based approach to information security, requiring organizations to identify information security risks pertinent to their organization and the space in which they operate, and to select the appropriate controls to address those risks.


‍ISO 27001 comprises 114 controls divided into 14 categories. There is no requirement to implement the full list of ISO 27001’s controls; rather, they are possibilities for an organization to consider based on its particular needs. The 14 categories are:


  • Information security policies
  • Organization of information security and assignment of responsibility
  • Human resource security
  • Information asset management
  • Employee access control
  • Encryption and management of sensitive information
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development, and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

‍ISO 27001 is a world-class standard that can support an organization in proving its security practices to potential customers. The full standard provides a wide range of controls an organization can utilize to ensure its approach to information security is comprehensive.

Additional resources you might like:

Security
Event
Building security programs that reduce risk

In today’s evolving threat landscape, compliance is only the first step—resilience is the ultimate goal. That’s why Vanta and Huntress have teamed up to help you achieve true cybersecurity resilience.

Security
Blog
How to protect your physical infrastructure with AWS and Vanta

In this blog, we’ll cover physical and environmental infrastructure, explaining what AWS does to protect the cloud centers that store your data and what other security steps you need to take.

Security
Blog
From automated compliance to AI: How investors are prioritizing security

AI and cybersecurity are top strategic priorities for companies at every scale. See how investors are thinking about security in our increasingly-AI driven world.

Additional resources you might like:

Security
Event
Building security programs that reduce risk

In today’s evolving threat landscape, compliance is only the first step—resilience is the ultimate goal. That’s why Vanta and Huntress have teamed up to help you achieve true cybersecurity resilience.

Security
Blog
How to protect your physical infrastructure with AWS and Vanta

In this blog, we’ll cover physical and environmental infrastructure, explaining what AWS does to protect the cloud centers that store your data and what other security steps you need to take.

Security
Blog
From automated compliance to AI: How investors are prioritizing security

AI and cybersecurity are top strategic priorities for companies at every scale. See how investors are thinking about security in our increasingly-AI driven world.

Security
Event
Enhancing Security with Trust Center

What is a Trust Center, and how can growing businesses leverage one to proactively demonstrate their commitment to security?

Security
Blog
What is continuous security monitoring?

What is continuous security monitoring and why is it crucial to your business? Learn about continuous monitoring and best practices for ensuring security within your organization.

Security
Blog
Lessons from Vanta’s WebAuthn migration

Rob Picard and Jess Chang from Vanta's Security team explain why and how we migrated to WebAuthn as the mandatory way to log into Okta.

Security
Event
Ask Me (Almost) Anything: AI & Compliance

Wondering about AI and what it means for your company’s compliance program? You can ask these privacy and security experts (almost) anything! Join Vanta’s AM(almost)A on June 27 at 10 am PT and 1 pm ET to connect with Matt Cooper, Senior Manager of Privacy, Risk, & Compliance, and Rob Picard, Security Lead, on emerging trends in AI and compliance. They’ll answer questions and share practical advice to help you navigate this evolving landscape and stay ahead of the curve.

Security
Guide
How to minimize third-party risk with vendor management

Get insights and best practices from security & compliance experts on how to manage third-party vendor risk in this free guide.

Compliance
Event
Vanta in Action: Compliance Automation

Demonstrating security compliance with a framework like SOC 2, ISO 27001, HIPAA, etc. is not only essential for scaling your business and raising capital, it also builds an important foundation of trust.

Get compliant and
build trust, fast.

Two wind turbines on a white background.
Get compliant and build trust,
fast.
Get started