ISO 27001 Framework

Automate and elevate your security protocols in line with the only internationally recognized information security framework.

ISO 27001 Framework Basics

ISO 27001 seeks to secure the confidentiality, integrity, and availability of an organization’s data. It requires a Statement of Applicability, which includes a list of security controls and measures that an organization intends to implement.

There are two parts to the Statement of Applicability: the 11 clauses and the Annex, which has 114 control objectives covering the Introduction, Scope, Normative References and mandatory requirements for certification.

There are six security areas covered in ISO 27001 along with fourteen domains/categories. The six security areas are:

  1. Company security policy
  2. Asset management
  3. Physical & environmental security
  4. Access control
  5. Incident management
  6. Regulatory compliance

The domains covered by ISO 27001 include the following:

  • Information security policies
  • Organization of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operational security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance
