LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is ISO 27001 and what makes it unique among the ISO 27000 standards?

ISO 27001 defines the requirements for establishing, operating, monitoring, maintaining, and improving a documented ISMS — and it's the only standard in the family you can be certified against.

Key facts:

  • Originated from the British Standard BS 7799-2:2002
  • Published as an ISO standard in 2005
  • Defines the security process using the PDCA (Plan-Do-Check-Act) approach
  • Note: The 2013 revision no longer explicitly mandates PDCA, acknowledging other approaches exist

Annex A contains control objectives and controls borrowed from ISO 27002, which the ISMS must address.

Certification scope:

  • An organization can choose its Scope — the ISMS doesn't have to cover the entire company
  • Could be: whole company, one department, one location, or a specific infrastructure (e.g., the DMZ)
  • The Statement of Applicability (SoA) lists which ISO 27002 controls are included
  • Together, Scope + SoA define the boundaries of the certification

Go deeper:

From Quiz: ISM / Standards & Frameworks I (ISO, BSI) | Updated: Jul 05, 2026