What is ISO/IEC 27001?
ISO/IEC 27001 is an international standard for implementing an information security management system (ISMS), published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO releases management system standards to help organizations organize business processes and procedures to achieve specific objectives.
The ISO/IEC 27001 standard enables organizations to secure sensitive data and reduce the risk of cyber attacks by outlining a set of globally accepted management procedures and information security controls.
Understanding the Certification
In order to obtain an ISO/IEC 27001 certification, an organization’s information security management system must meet the criteria established by the management clauses defined by the ISO/IEC 27001 standard.
In addition to the management clauses, there are 114 information security controls that may be included or omitted based on the risks the organization faces. Organizations must complete a risk assessment or gap analysis to identify these risks and, in turn, document the justification for each inclusion or omission in the Statement of Applicability. Both the certification and the Statement of Applicability are essential to understanding the security measures an organization has taken.
How does an ISO/IEC 27001 Certification benefit customers?
An ISO/IEC 27001 certification serves as a lens into an organization’s information security environment. In combination with the company’s Statement of Applicability (SoA), customers or prospects can rest assured that fundamental procedures and controls are in place to protect their data by means of a formal information security management system.
ISO/IEC 27001 at Shoplazza
Our official certification is stated below. For more information, please visit our compliance pages or reach out to our customer service.