ISO 27001 is an international standard published by the International Standardization Organization (ISO), and it describes the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. The new ISO 27001 update was published on October 25, 2022 following the update of ISO 27002:2021 last year and its full title is now ISO/IEC 27001 - Information security, cybersecurity and privacy protection — Information security management systems — Requirements. The first revision of the standard was published in 2005, and it was developed based on the British standard BS 7799-2.

ISO 27001:2022 can be implemented in any kind of organization, profit or non-profit, private or state-owned, small or large. It was written by the world’s best experts in the field of information security and provides a methodology for the implementation of information security management in an organization. It also enables companies to become certified, which means that an independent certification body has confirmed that an organization has implemented information security, cybersecurity and privacy protection compliant with ISO 27001.