International Organization for Standardization (ISO)

Governance (GRC) 📜 • Security+ 🏆 • Difficulty: premium

Definition

ISO is an independent international body that develops and publishes standards to help organizations use consistent, agreed ways of working. In cybersecurity, ISO standards are widely used to build governance programs, manage risk, and demonstrate good security practices through frameworks like ISO/IEC 27001.

Examples

A company adopts ISO/IEC 27001 to build an Information Security Management System and prove its security governance through certification.
A supplier is asked for ISO 27001 certification during procurement as evidence of a mature security program.

Discover 🔎

You will often hear people say “ISO standards” when they mean a set of published best-practice documents that organizations can follow. ISO standards exist across many industries, but they are especially important in governance and compliance because they help answer a common question: are we managing security in a structured, repeatable way that can be measured and improved?

In cybersecurity, ISO is strongly associated with the ISO/IEC 27000 family, which is a widely used set of standards for information security management.

Remember: ISO is the standards body. ISO/IEC 27001 is a specific security standard you can implement and even certify against.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.