ISO/IEC 27001:2022
ISO 27001 certification
Information Security Management Systems
Protecting the confidentiality, integrity and availability of your data.
At a glance
- UK adoption: around 5,000 UK organisations are currently certified
- Structure: built on Annex SL, so it integrates with other ISO management system standards
Overview
What ISO 27001 is — in plain English.
ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS). It sets out the requirements for a management system that protects the confidentiality, integrity and availability of information. It lets organisations of any size manage information security risk systematically, supports compliance with regulations such as GDPR, and addresses cyber threats through controls that cover people, processes and technology rather than technology alone.
Inside the standard
Key components and requirements
ISMS framework
The 2022 edition requires an organisation to establish, implement, maintain and continually improve an ISMS. The mandatory requirements sit in clauses 4 to 10, covering the context and scope of the organisation, leadership, planning, support, operation, performance evaluation and improvement; all of them must be met for certification.
Risk management
The central pillar of the standard: organisations must define a repeatable process to identify, assess and treat information security risks, record the outcome in a risk treatment plan, and have risk owners approve the residual risk.
Annex A controls
A reference set of 93 controls in the 2022 edition, grouped into four themes: organisational, people, physical and technological. Controls are selected on the basis of the risk assessment, and each one included or excluded must be justified in the Statement of Applicability.
Why certify
Benefits of certification
ISO/IEC 27001 follows the Annex SL harmonised structure shared by other ISO management system standards, so an ISMS can be integrated with, for example, ISO 9001 (quality) and ISO 22301 (business continuity) rather than run as a separate system.
Enhanced security
A functioning ISMS turns risk assessment into a routine activity, so weaknesses in people, process and technology are identified and treated before they turn into incidents, and the effectiveness of the treatment is reviewed through internal audit and management review.
Regulatory compliance
Helps meet legal, statutory, regulatory and contractual requirements, including the GDPR obligation to implement appropriate technical and organisational measures to protect personal data.
Trust & competitive advantage
Certification by an accredited body gives clients and stakeholders independent, third-party evidence that information is handled securely, which can shorten supplier due diligence and is increasingly a condition of tendering for contracts.