Disclosure: Independent directory. Not a CPA firm. Nothing here is legal, audit, or tax advice.

ISO/IEC 27001

ISO/IEC 27001 is an international standard for information security management systems (ISMS) issued by ISO and IEC. Unlike SOC 2, it is a certification: an accredited certification body issues a certificate after a two-stage audit. ISO 27001 is often the preferred framework for companies with significant European or international customers.

Key controls