Law and standards
ISO/IEC 27001
What is ISO 27001?
ISO/IEC 27001 is the international standard for an information security management system. It describes how an organisation records, treats and continuously reviews its security risks.
The standard does not prescribe any particular technical product. It requires a traceable process: define the scope, assess the risks, select measures, measure whether they work and improve them.
Certification is carried out by an accredited certification body and is a sizeable project for most mid sized companies. A gap analysis shows in advance how far away certification is and which gaps to close first.
All terms in the knowledge base
Note: This entry reflects the state of knowledge to the best of our understanding and serves as general orientation. It is not legal advice. What counts is always the version currently in force at the responsible body, for example dsb.gv.at, nis.gv.at or enisa.europa.eu.
From the term to practice
Where does your business actually stand?
The IT Check reviews your IT across 8 audit areas with more than 100 individual checks and delivers documented findings with a prioritised action plan. From 1,299 € excl. VAT. The first call takes 20 minutes and carries no charge.