ISO 27001 Certification
ISO 27001 specifies the requirements for the policies, procedures and processes that comprise a company’s information security management system (ISMS). This international standard was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS.
ISO 27001 uses a top-down, risk-based approach. Earning certification in this standard is not based on adhering to a set of predetermined rules. Instead, an organization is certified based on a set of controls that are specific to its risks. These controls comprise the company’s Statement of Applicability, a document that ISO auditors will certify an organization against.
NAVEX’s GRC software and compliance management solutions support the integrated risk, ESG and compliance management programs at more than 13,000 organizations worldwide.