ISO 27001

ISO 27001 is the certifiable standard; ISO 27002 is the implementation guide. Learn which document your auditor checks, which one to buy first, and how to use them together.

ISO 27001 risk assessment methodology, 7-step process, scoring matrix, scenario examples, and documentation auditors actually request.

ISO 27001 certification explained: the full path from scoping to certificate, Annex A 2022 controls, audit stages, costs, documents required, and framework comparisons.

ISO 27001 Statement of Applicability explained: what to include, all 93 Annex A controls, justification examples, and a free SoA template.

What ISO 27001 Clause 9.2 actually requires for internal audits: program setup, auditor independence, 40-point checklist, finding classifications, and report structure.

All 93 ISO 27001:2022 Annex A controls across 4 themes: Organizational (37), People (8), Physical (14), Technological (34). Control numbers, implementation notes, framework mapping.

How ISO 27001 certification works: scoping, gap assessment, two-stage external audit, surveillance, and three-year recertification cycle explained.

How the ISO 27001 two-stage certification audit works: Stage 1 documentation review, Stage 2 implementation audit, surveillance, nonconformities, and recertification.

Step-by-step ISO 27001 implementation guide covering the 10 phases from gap analysis to certification audit, with timelines, costs, and common mistakes.

ISO 27001 certification cost breakdown for 2026: US and UK pricing, auditor fees, consultant costs, platform pricing, and total cost by company size.