About ISO 27001

---

ISO 27001 is the international standard that specifies the requirements for an Information Security Management System (ISMS).

An ISMS provides organizations with a holistic framework to protect information they own and handle and to manage information security risks effectively. It helps ensure the confidentiality, integrity and availability of information assets, protecting them from unauthorized access, modification, disruption or loss.

The use of an ISMS is not limited to organizations in the information technology sectors. Various types of organizations, regardless of their size and industry or economic sector, can use the standard to reduce the vulnerability of their information assets to cyberattacks. The risk-based approach of an ISMS guides organizations to identify and address current and potential risks, resulting in a more capable defense infrastructure against cyberattacks.

Organizations certified to ISO 27001 gain the confidence of their customers and other stakeholders by demonstrating that they maintain and continually improve a proactive system to manage risks as well as opportunities associated with their information assets, thereby ensuring the sustainability of their business operations.

CIP certifies organizations to ISO 27001 that successfully complete CIP’s audit process of their ISMS against the criteria of the standard.