ISO (International Organization for Standardization) 27001, 27002, 27018, 27036-2, and 27701 are all different standards related to information security and data protection.
ISO 27001: This is a standard for Information Security Management Systems (ISMS). It provides a framework for establishing, implementing, maintaining, and continually improving information security management in an organisation.
ISO 27002: This is a standard that provides a code of practice for information security management. It provides guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organisation.
ISO 27018: This is a standard that provides guidelines for protecting personally identifiable information (PII) in public clouds. It establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect PII in a public cloud computing environment.
ISO 27036-2: This is a standard that provides guidelines for information security in supplier relationships. It provides guidance on how to manage information security risks associated with the supply of products and services from external suppliers.
ISO 27701: This is a standard that provides guidelines for privacy information management. It extends the ISMS framework provided by ISO 27001 to address privacy management and helps organisations to establish, implement, maintain, and continually improve a privacy information management system.