Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is ISO 27001?‍‍

ISO 27001 is a framework for managing IT security and sets out the specification for an information security management system (ISMS) that helps keep consumer data safe. Following the completion of an audit, an organization can be ISO 27001 certified by an auditor.

An accepted standard for organizations doing business outside of the United States, ISO 27001 proves your security to potential customers and businesses. Compliance with a world-class standard like ISO 27001 indicates a secure, reliable organization that can be trusted with customer data.

Who Needs ISO 27001 Certification?

ISO 27001 is a highly renowned standard across many industries and it has allowed businesses worldwide to secure their information systems and win the trust of their clients and partners. Find out why you may need ISO 27001 certification and how it can help your business.

ISO 27001 Requirements

ISO 27001 is unique because not all of the standards must be implemented in order for your organization to be certified as compliant. In that case, what are ISO 27001 controls and what are ISO 27001 requirements? There are 114 controls in total among 14 categories, and the ISO 27001 Security Standard requires that you assess your organization, your data, and your information security management system, implementing the controls that make sense for your business.

How do you assess ISO 27001 success?

The goal of ISO 27001 is to secure your data and information systems, but how do you determine whether it is effective in your case? Every business needs to determine the top key performance indicators or KPIs that reflect their ISMS’s effectiveness. These key performance indicators for measuring ISO 27001 effectiveness will vary based on each business’s ISMS, but tracking these metrics is critical for keeping your system secure and is a vital part of ISO 27001 compliance.

{{cta_withimage2="/cta-modules"}}

Additional resources you might like:

Comparisons and reviews
Blog
Why enterprise leaders choose Vanta over Drata to prove and manage trust

Learn how Vanta is uniquely equipped to meet the needs of large, complex organizations.

Vendor Risk Management
Events
Demo: Navigating Third-Party Risk Through Vanta’s Vendor Risk Management

Register for our product demo that will showcase Vanta’s Vendor Risk Management Solution.

GRC
Events
Turning Chaos Into Clarity: Continuous Security at Scale

Join Vanta’s GRC expert to learn how automated, continuous trust management replaces manual processes, helps you stay audit-ready, strengthens risk insights, and turns your GRC program into a business advantage.

Additional resources you might like:

Comparisons and reviews
Blog
Why enterprise leaders choose Vanta over Drata to prove and manage trust

Learn how Vanta is uniquely equipped to meet the needs of large, complex organizations.

Vendor Risk Management
Events
Demo: Navigating Third-Party Risk Through Vanta’s Vendor Risk Management

Register for our product demo that will showcase Vanta’s Vendor Risk Management Solution.

GRC
Events
Turning Chaos Into Clarity: Continuous Security at Scale

Join Vanta’s GRC expert to learn how automated, continuous trust management replaces manual processes, helps you stay audit-ready, strengthens risk insights, and turns your GRC program into a business advantage.

SOC 2
Events
Demo: Accelerate security and compliance workflows with AI

Tune in for this live demo that will showcase how Vanta simplifies compliance, centralises security workflows, and automates evidence collection across 35+ frameworks like SOC 2, ISO 27001 and more.

GRC
Events
The New Rules of Trust: Compliance, Risk, and AI

Watch on-demand as Ashish Rajan, CISO at Kaizenteq (and host of the Cloud Security Podcast), and Faisal Khan, GRC Subject Matter Expert at Vanta have a tactical conversation on what it really takes to mature compliance, risk, and trust in the age of AI.

Compliance
Guide / Report
The ultimate guide to FedRAMP: A requirements guide for authorization

Learn about FedRAMP authorization, from impact levels to compliance steps, to unlock opportunities with U.S. federal agencies.

Compliance
Events
Secure from the Start: How Founders Build Compliance Into Early-Stage Growth

Hear from the Head of Information Security at Robin AI and the Co-Founder & CEO of Pavlov as they share how they embedded security and compliance into their startup journey, without slowing down innovation.

Compliance
Events
Building Trust in the AI Boom: Security, Capital, and Credibility from Day One

Join the CFOs of Vanta and Mercury for a tactical conversation on how early-stage teams can build trust with investors and buyers, without slowing down.

Compliance
Events
Demo: Accelerate security and compliance workflows with AI

Watch on-demand to see the AI functionality within the Vanta platform and how it can simplify your compliance process.