Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Events
Glossary
Guides

Follow us

GLOSSARY
ISO 27001
ISO 27001 security standard

What is the ISO 27001 security standard?

The ISO/IEC 27001 standard provides requirements for information security management systems (ISMS). Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the ISO 27001 security standard is a set of best practices that support organizations in managing their information security by addressing people, processes, and technology. The standard applies to organizations of any size or type and is technology- and vendor-neutral.


‍The ISO/IEC 27001 standard engages a risk-based approach to information security, requiring organizations to identify information security risks pertinent to their organization and the space in which they operate, and to select the appropriate controls to address those risks.


‍ISO 27001 comprises 114 controls divided into 14 categories. There is no requirement to implement the full list of ISO 27001’s controls; rather, they are possibilities for an organization to consider based on its particular needs. The 14 categories are:


  • Information security policies
  • Organization of information security and assignment of responsibility
  • Human resource security
  • Information asset management
  • Employee access control
  • Encryption and management of sensitive information
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development, and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

‍ISO 27001 is a world-class standard that can support an organization in proving its security practices to potential customers. The full standard provides a wide range of controls an organization can utilize to ensure its approach to information security is comprehensive.

Additional resources you might like:

Blog
Company news

Accelerating international momentum: Announcing Vanta’s EU data centre

Today we’re excited to announce the opening of our new EU data centre, in addition to launching localised product features, updated policy frameworks, and an expanded partner ecosystem.

Blog
SOC 2

How kobalt.io provides big security for small businesses with Vanta

Partnership with Vanta delivers more certifications, happier customers, and business growth for Kobalt.io.

Blog
Product updates

New in Vanta | February 2023

February’s product update includes many exciting announcements from Vanta. We announced Custom Frameworks and Controls and other improvements to the Vanta experience.

The compliance news you need. Delivered securely to your inbox.

Subject to Vanta's Privacy Policy, you agree to allow Vanta to contact you via the email provided for marketing and other purposes

Everything you need to get compliance audit ready, fast.

GET STARTED TODAYGET STARTED TODAY

Vanta is the easy way to get and stay compliant. Thousands of fast-growing companies depend on Vanta to automate their security monitoring and get ready for security audits in weeks, not months. Simply connect your tools to Vanta, fix the gaps on your dashboard, and then work with a Vanta-trained auditor to complete your audit.

Products
SOC 2ISO 27001GDPRHIPAAPCI DSSCCPAAdditional FrameworksIntegrations
Customers
Customer Case Studies
Resources
BlogsGuidesGlossaryVideosAll Resources
Company
AboutCareersPressSecuritySystem StatusTrust Report
Manage CookiesTermsPrivacy