FAQ resource for What is ISO 27001?.
Answer
ISO/IEC 27001 is an international standard that specifies the requirements for an information security management system (ISMS), a risk-based framework of policies, processes, and controls for protecting information assets. Organizations identify risks, select and implement controls (guided by the Annex A control set), and can pursue independent certification by an accredited auditor. Unlike SOC 2, which produces an audit report, ISO 27001 results in a formal certificate that is recognized globally, especially outside the US.