
ISO/IEC 27001 – the Information Security Management System Standard


What is ISO 27001?

ISO 27001 is the international standard for information security management systems (ISMSs). The Standard can help organisations achieve all of their regulatory compliance objectives concerning data privacy and information security.

Certification to ISO 27001 is increasingly seen as a powerful assurance to your customers and business partners of your commitment to meet your obligations.

What are the benefits of being ISO 27001 compliant?

Avoid the costs incurred with a data breach: Certification to ISO 27001 is the benchmark for effective management of information and data security, allowing your organisation to avoid the losses that accompany non-compliance with data protection requirements.

Your organisation is not always protected by technical security measures

Technical security measures (such as firewalls, antivirus and other processes) and checklists have a limited ability to protect a complete information system.

ISO 27001 provides the specification for an information security management system and sets out guidelines for optimal information security management.

An ISMS presents a holistic approach to information security, providing protection on three levels: people, processes and technology.

ISO 27001 and risk assessments

The risk assessment is at the heart of effective information security management.

The risk assessment is a crucial element of establishing an ISMS, identifying the relevant risks so that appropriate responses can be implemented to deal with those risks.

Many companies use ISO 27001 as the ‘gold standard’ for designing a comprehensive set of security controls. An ISMS based on ISO 27001 demonstrates the extent to which cyber and information risks are effectively being controlled.

Find out more about ISO 27001 risk assessments by downloading our free green paper.

How to conduct an ISO 27001 risk assessment

  1. Choose the appropriate risk assessment methodology
    • Select criteria and ‘rules’
  2. Conduct the risk assessment
    • identify assets, threats, vulnerabilities (or risks)
  3. Define the estimated impact and likelihood of the risks
  4. Select the appropriate risk response
    • treat (by applying controls)
    • transfer
    • tolerate
    • terminate
  5. Produce reports
    • including the Statement of Applicability and the risk treatment plan
  6. Monitor, review and communicate
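As an added illustration of steps 1 to 5 above (example code written for this page, not Vigilant Software's or vsRisk's), a small Python risk register: the 5-point impact and likelihood scales, the acceptance threshold, the order in which the four responses are preferred, and the sample risks and control names are all assumed or constructed.

```python
from dataclasses import dataclass, field

ACCEPTANCE_THRESHOLD = 6  # assumed step 1 criterion on a 5x5 impact x likelihood matrix
@dataclass
class Risk:                    # step 2: asset, threat and vulnerability make up one risk
    asset: str
    threat: str
    vulnerability: str
    impact: int                # 1 (negligible) .. 5 (severe)
    likelihood: int            # 1 (rare) .. 5 (almost certain)
    candidate_controls: list = field(default_factory=list)  # controls that would treat it
    transferable: bool = False  # e.g. insurable or can be outsourced
    @property
    def score(self) -> int:    # step 3: impact combined with likelihood
        return self.impact * self.likelihood

def select_response(risk, threshold=ACCEPTANCE_THRESHOLD):
    """Step 4: pick one of the four responses; this order of preference is assumed."""
    if risk.score <= threshold:
        return "tolerate"
    if risk.candidate_controls:
        return "treat"
    if risk.transferable:
        return "transfer"
    return "terminate"  # no acceptable control or transfer: stop the activity

def risk_treatment_plan(risks):
    """Step 5: one row per risk, highest score first, with the controls to apply."""
    rows = []
    for r in sorted(risks, key=lambda r: r.score, reverse=True):
        response = select_response(r)
        controls = r.candidate_controls if response == "treat" else []
        rows.append((r.asset, r.threat, r.score, response, controls))
    return rows

def statement_of_applicability(risks, catalogue):
    """Step 5: each catalogue control marked applicable or not, with the risks justifying it."""
    justification = {c: [] for c in catalogue}
    for r in risks:
        if select_response(r) == "treat":
            for c in r.candidate_controls:
                justification.setdefault(c, []).append(f"{r.asset}: {r.threat}")
    return {c: (bool(j), j) for c, j in justification.items()}

# Constructed sample register (not real data); control names are placeholders.
CATALOGUE = ["Access control", "Malware protection", "Information backup"]
SAMPLE_RISKS = [
    Risk("Customer database", "ransomware", "untested backups", 5, 4,
         ["Information backup", "Malware protection"]),
    Risk("Office printer", "paper jam", "ageing hardware", 1, 3),
    Risk("Legacy FTP server", "credential theft", "cleartext protocol", 4, 3),
    Risk("Web shop", "DDoS", "single hosting provider", 3, 4, transferable=True),
]
```

Step 6 (monitor, review and communicate) is the recurring re-run of this register as scores, controls and the threshold change over time.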

How Vigilant Software can help


vsRisk Cloud

Find out how vsRisk Cloud can help speed up and simplify the risk assessment process.



Compliance Manager

Manage your information security and data protection requirements with Compliance Manager.