Information Security & Privacy: ISO 27001, ISO 27002, ISO 27701 & ISO 20000 Guide
Data breaches cost an average of $4.45 million (IBM, 2023). ISO 27001 and its companion standards provide a proven framework to protect information assets and comply with privacy regulations like GDPR.
The ISO 27000 Family
- ISO 27001:2022 - the certifiable ISMS standard (93 Annex A controls)
- ISO 27002:2022 - detailed guidance for implementing each control
- ISO 27005:2022 - information security risk management
- ISO 27017:2015 - cloud security controls
- ISO 27701:2019 - privacy information management (GDPR extension)
ISO 20000-1:2018
IT Service Management System standard for delivering reliable IT services under SLAs. Integrates well with ISO 27001 for organisations that both manage IT services and need to secure them.
ISO 27001 vs ISO 27701
| Aspect | ISO 27001 | ISO 27701 |
|---|---|---|
| Focus | Information security | Privacy / personal data |
| Structure | Standalone certifiable | Extension to 27001 |
| Controls | 93 Annex A controls | Additional PII controls |
| Regulation | Cyber security | GDPR, CCPA, LGPD |
| Prerequisite | None | ISO 27001 required first |
Related Articles
- What Is ISO Certification? Beginners Guide
- Benefits of ISO Certification: ROI
- ISO Certification Timeline
- Top 10 ISO Standards
Secure your data with ISO Xpert
ISMS toolkits, SoA templates, risk registers and privacy management packages.