ISO

The International Organization for Standardization — publishes ISO/IEC 27001, the global ISMS standard.

ISO/IEC 27001 is the international standard for an Information Security Management System (ISMS) — a risk-based, process-driven program rather than a fixed checklist. 27001 contains the certifiable requirements; its companion 27002 is the detailed control catalog you draw from. Certification is granted by an accredited external auditor and maintained on a roughly three-year cycle with annual surveillance audits.
