Learn about ISO27001

Alec Moloney  

ISO27001, formally known as ISO/IEC 27001 (Information Security Management Systems), is an international standard that outlines requirements for organisations to maintain a best-practice Information Security Management System (ISMS).

Why is it important?

In today’s digital era, organisations have an increasing obligation to protect the information they process and store against unauthorised access, use, disclosure, and distribution. An ISMS defines the policies, requirements, and processes an organisation follows when managing data and information. Organisations can evaluate themselves against the ISO27001 standard to demonstrate that the ISMS they operate complies with international industry best practice.

How does an organisation achieve certification?

Certifications under the ISO27001 standard are issued by an accredited certification body. The process of becoming certified generally has two main steps:

  1. Gap Analysis Audit - Determines gaps between the operated ISMS and the standard.
  2. Certification Audit - Formal audit to ensure the ISMS complies with the standard.

Once certified, organisations must demonstrate that the ISMS remains in use and that they are committed to continually improving it in line with best practice. This is done through:

  1. Annual Audit - Reviews a subset of controls to ensure ongoing compliance.
  2. Recertification Audit (Every 2 Years) - Reviews all controls to ensure ongoing compliance.

Is this the same as SOC 2?

Although ISO27001 and SOC 2 are very similar and share considerable overlap, they are different certifications.

Is Snowplow ISO27001 certified?

Snowplow has been ISO27001 certified since 2021. If you have any questions don’t hesitate to reach out to our friendly support team for further information.