ISO certification of management systems
ISO certification of management systems

ISO 27001

ISO 27001 standard - Information security management system
ISO 27001 standard - Information security management system

The ISO 27001:2022 standard specifies the requirements for establishing, implementing, maintaining and continuously improving a management system for information security within the organization's context. Information security protects sensitive information from unauthorized activities, including inspection, modification, recording and any disruption or destruction. The aim is to ensure the security and privacy of critical data such as customer account details, financial data or intellectual property. 

We must protect our information so that:

  • it is always available when we need it (availability)
  • we can trust that it is correct and not manipulated or corrupted (integrity)
  • only authorized persons can take part in it (confidentiality)
  • the information handling is in line with requirements and regulations

This ISO standard also contains requirements for assessment and treatment of information security risks adapted to the organisation's needs. The requirements in this document are generic and are intended to apply to all organisations, regardless of type, size or nature. Excluding any of the requirements specified in clauses 4 to 10 is not acceptable when an organization claims compliance with this document. The standard has been adopted as a Norwegian and European standard and published here as ISO 27001:2023. 

A guide has been prepared for the standard, ISO 27002. In addition, there are a number of supplementary subject-specific standards such as ISO 27001 handling of privacy information and ISO 27005 Guidance on handling information security risks. 

Implementation of a management system according to ISO 27001 can have both internal and external effects on your organisation. Examples may be; 

Internal Effects:

  • Increased security for information and data
  • Reduced risk of data loss.
  • Improved internal control and governance for the detection of abuse
  • Improved awareness among employees

External effects:

  • Improved reputation among customers, suppliers and other stakeholders
  • Reduced risk of negative consequences of security flaws
  • Increased market access

Implementation of ISO 27001 can help achieve sustainability goals within;