Cloud Risks & Risk Management
2/2/22, 5:31 PM ISO Standards
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/iso-standards.html?ou=622270
ISO Standards
The International Organization for Standardization (ISO) is a global, independent,
nongovernmental organization that develops and publishes international standards for
a wide variety of products and services. One such standard, ISO 27001, specifies the
requirements and best practices for an information security management system (ISMS).
Last revised in 2013, ISO 27001 not only details the requirements to establish,
implement, maintain and continually improve an information security management system, but also
sets out the requirements for assessing and treating information security risks.
The goal of the standard is to preserve the confidentiality, integrity and availability of information by
applying a structured risk management process.
ISO 27001 (2013) addresses:
understanding an organization’s needs, scope, and information management system;
clear articulation of leadership commitment, roles, and organizational policies;
planning for information security risks and the treatment of the risks;
support in the areas of communications, competence, resources, and awareness;
operations and associated operational planning;
performance evaluation that includes internal audit and management review; and
improvement and corrective actions.
References
ISO/IEC 27001:2013. (2013). Information technology - Security techniques - Information
security management systems - Requirements.
https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-2:v1:en
© 2022 University of Maryland Global Campus
Learning Resource
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.