Published:
Last updated:
ISO 27001 and Compliance-as-Code
ISO/IEC 27001 is the world's leading standard for information security management systems (ISMS). It provides a systematic approach to protecting corporate data from loss, theft, and manipulation.
Core concept
The core of the standard is risk-based management. It requires not only technical controls but also organisational processes and continuous improvement (PDCA cycle).
Relevance
- Compliance-as-Code: Automated monitoring of ISO controls within cloud infrastructure.
- Asset Management: Complete inventory of all IT assets as the basis for risk analysis.
- Incident Management: Standardised processes for responding to security incidents in line with ISO requirements.
Related topics
- Technology: Compliance, the control frame for ISO 27001 and Compliance-as-Code.
- Standards, the standards section that frames ISO 27001 and Compliance-as-Code.
Ask AI
These links open external AI services, the conversation and its content are sent to their providers.