SS ISO/IEC 27001:2023

Information security, cybersecurity and privacy protection – Information security management systems – Requirements


This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.

The requirements set out in this document are generic and are intended to be applicable to all organisations, regardless of type, size or nature.




Status Current
Edition 2023
No. of Pages 29
ICS Classification 03.100.70 Management systems
35.030 IT Security
Committee Information Technology Standards Committee
Available for Purchase Global
Adoption ISO/IEC 27001 : 2022 IDT