Cybersecurity
ISO 27001
Quick Definition
The international standard (ISO/IEC 27001) for Information Security Management Systems (ISMS). It specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS, against which an organisation can be independently certified.
Detailed Explanation
ISO/IEC 27001 provides a systematic approach to managing sensitive information so it remains secure. It covers people, processes, and technology, and requires organisations to identify and assess their information security risks, decide how to treat them, and implement appropriate controls. The standard is risk-driven rather than a checklist: the controls an organisation applies must be justified by its own risk assessment.
The 2022 version lists 93 reference controls in Annex A, organised into four themes: organisational, people, physical, and technological. Annex A is a reference set, not a mandatory list; the organisation must produce a Statement of Applicability that records which controls are in scope and justifies any it excludes. Organisations can be certified against ISO 27001 by accredited certification bodies, which audit both the management system and the controls it has declared applicable.
ISO 27001 certification demonstrates to customers, partners, and regulators that the organisation takes information security seriously, and it is increasingly required in tenders, especially in government and financial services. A certificate applies only to a defined scope (specific sites, services, or business units), so anyone relying on it should check that the stated scope actually covers the services they consume.
Relevant Frameworks
ISO 27001
COBIT