Quiz Entry - updated: 2026.07.05
What is ISO 27001 and what makes it unique among the ISO 27000 standards?
ISO 27001 defines the requirements for establishing, operating, monitoring, maintaining, and improving a documented ISMS — and it's the only standard in the family you can be certified against.
Key facts:
- Originated from the British Standard BS 7799-2:2002
- Published as an ISO standard in 2005
- Defines the security process using the PDCA (Plan-Do-Check-Act) approach
- Note: The 2013 revision no longer explicitly mandates PDCA, acknowledging other approaches exist
Annex A contains control objectives and controls borrowed from ISO 27002, which the ISMS must address.
Certification scope:
- An organization can choose its Scope — the ISMS doesn't have to cover the entire company
- Could be: whole company, one department, one location, or a specific infrastructure (e.g., the DMZ)
- The Statement of Applicability (SoA) lists which ISO 27002 controls are included
- Together, Scope + SoA define the boundaries of the certification
Go deeper:
ISO/IEC 27001 (Wikipedia) — Herkunft aus BS 7799, die zertifizierbaren Anforderungen, Annex A und das Statement of Applicability.
ISO 27001 Guides — Overview of the ISO 27001 Standard (YouTube) — kompakter Video-Überblick über Aufbau und Zweck der Norm.