Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is the ISO 27001 security standard?

The ISO/IEC 27001 standard provides requirements for information security management systems (ISMS). Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the ISO 27001 security standard is a set of best practices that support organizations in managing their information security by addressing people, processes, and technology. The standard applies to organizations of any size or type and is technology- and vendor-neutral.

‍The ISO/IEC 27001 standard engages a risk-based approach to information security, requiring organizations to identify information security risks pertinent to their organization and the space in which they operate, and to select the appropriate controls to address those risks.

‍ISO 27001 comprises 114 controls divided into 14 categories. There is no requirement to implement the full list of ISO 27001’s controls; rather, they are possibilities for an organization to consider based on its particular needs. The 14 categories are:

  • Information security policies
  • Organization of information security and assignment of responsibility
  • Human resource security
  • Information asset management
  • Employee access control
  • Encryption and management of sensitive information
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development, and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

‍ISO 27001 is a world-class standard that can support an organization in proving its security practices to potential customers. The full standard provides a wide range of controls an organization can utilize to ensure its approach to information security is comprehensive.

{{cta_withimage2="/cta-modules"}}

Additional resources you might like:

Compliance
Vanta events | Vanta
Fostering a culture of security in an AI world

Watch our expert-led session to explore strategies for embedding a security-first culture in an AI-driven world. We'll address unique challenges and share actionable insights to help safeguard your organization.

Security
Vanta events | Vanta
How Trust Centers Help Save Time and Accelerate Sales

Discover how trust centers enhance customer confidence, streamline security processes, and drive sales growth, based on IDC’s latest research.

Product updates
Blog
Introducing new Vanta capabilities to automatically improve your security posture

Today we’re excited to announce a framework for the CIS Critical Security Controls® 8.1, automated tests aligned to the CIS Foundation Benchmarks, and enhancements to the Vanta API.

Additional resources you might like:

Compliance
Vanta events | Vanta
Fostering a culture of security in an AI world

Watch our expert-led session to explore strategies for embedding a security-first culture in an AI-driven world. We'll address unique challenges and share actionable insights to help safeguard your organization.

Security
Vanta events | Vanta
How Trust Centers Help Save Time and Accelerate Sales

Discover how trust centers enhance customer confidence, streamline security processes, and drive sales growth, based on IDC’s latest research.

Product updates
Blog
Introducing new Vanta capabilities to automatically improve your security posture

Today we’re excited to announce a framework for the CIS Critical Security Controls® 8.1, automated tests aligned to the CIS Foundation Benchmarks, and enhancements to the Vanta API.

Compliance
Vanta events | Vanta
Audit Prep Excellence: Your Path to Success

Join our interactive webinar featuring experts in compliance auditing for a live Q&A session. We'll dive into essential tips for preparing for various compliance audits, guide you through the nuances of both ISO 27001 and SOC 2 standards, and discuss best practices for maintaining continuous compliance.

Product updates
Vanta events | Vanta
What's New in Vanta: July

Are you curious about new Vanta features? Join Vanta's 'What's New in Vanta' webinar to discover new features and enhancements. Register now!

Product updates
Vanta events | Vanta
What's New in Vanta: June

Are you curious about new Vanta features? Register for our "What's New in Vanta: June" webinar.

Security
Blog
The state of trust in an AI world: VantaCon UK recap

Security and compliance experts share their insights and analysis of key findings from Vanta’s State of Trust Report in this VantaCon UK panel.

Company news
Blog
VantaCon UK highlights: See the future of trust in an AI world

From product announcements to panel discussions, watch highlights and recordings from VantaCon UK.

SOC 2
Vanta events | Vanta
Ask Me (Almost) Anything: Post-Audit Planning and Excellence

Navigate post-audit success with Vanta & A-LIGN. Get expert advice on leveraging findings for growth. Register for access or recording.