ISO/IEC 27001 – the Information Security Management System Standard

ISO 27001 is the international standard for information security management systems (ISMSs). The Standard can help organisations achieve all of their regulatory compliance objectives concerning data privacy and information security.

How does ISO 27001 compliance help organisations?

Information systems are not usually designed to be secure from the outset.

Technical security measures (such as firewalls and antivirus software) and checklists on their own have only a limited ability to protect a complete information system.

ISO 27001 provides the specification for an information security management system and sets out guidelines for optimal information security management.

An ISMS presents a holistic approach to information security, providing protection on three levels: people, processes and technology.

ISO 27001 and risk assessments

The risk assessment is at the heart of effective information security management.

The risk assessment is a crucial element of establishing an ISMS, identifying the relevant risks so that appropriate responses can be implemented to deal with those risks.

Many companies use ISO 27001 as the ‘gold standard’ for designing a comprehensive set of security controls. An ISMS based on ISO 27001 demonstrates the extent to which cyber and information risks are effectively being controlled.

What does ISO 27001 say about risk assessments?

Conducting an ISO 27001 risk assessment

  1. Choose the appropriate risk assessment methodology
    • Select criteria and ‘rules’
  2. Conduct the risk assessment
    • Identify assets, threats and vulnerabilities (or risks)
  3. Define the estimated impact and likelihood of the risks
  4. Select the appropriate risk response
    • Treat (by applying controls)
    • Transfer
    • Tolerate
    • Terminate
  5. Draw up reports
    • Including the Statement of Applicability and the risk treatment plan
  6. Monitor, review and communicate

How Vigilant Software can help

Find out how vsRisk can help speed up and simplify the risk assessment process.

IT Legal Compliance Database

Ensure you meet the requirements of interested parties according to ISO 27001 and maintain compliance all year round.