CISA· ISACA
Certified Information Systems Auditor (ISACA)
ISACA’s CISA targets IS audit. 5 domains, ITAF and COBIT, 2,300+ questions with AuditBot explanations.
Term DefinitionFrameworks
ISO 27001
The international standard for Information Security Management Systems (ISMS).
ISO/IEC 27001 is the global reference standard for information security. The 2022 version (ISO 27001:2022) introduces 11 new controls and reorganizes Annex A into 4 themes: organizational, people, physical, and technological. It specifies requirements for establishing, implementing, maintaining, and improving an ISMS. ISO 27001 certification is often required by clients, partners, and regulators. Certification is obtained through a two-stage audit by an accredited certification body.
📌 Key points
- Current version: ISO 27001:2022 — 93 controls organized in 4 themes
- 3-phase process: Stage 1 (documentation review) + Stage 2 (implementation audit) + surveillance
- 3-year certification cycle with annual surveillance audits
- Complementary to DORA and NIS2 — often accepted as partial compliance evidence
- ISO 27002:2022 provides the implementation guide for Annex A controls
Related certifications
These certifications cover the concept of "ISO 27001" in depth.
🔗 Related concepts
FrameworksFrameworksComplianceComplianceComplianceCertifications
NIST CSF
NIST Cybersecurity Framework — the US reference for managing cyber risks.
COBIT
An IT governance and management framework published by ISACA.
DORA Regulation
Digital Operational Resilience Act — EU regulation on digital operational resilience.
NIS2 Directive
EU directive on the security of network and information systems — revised version.
GDPR
General Data Protection Regulation — the European framework for personal data protection.
CISA Certification
Certified Information Systems Auditor — the global standard for IS audit and governance.
📖 Related articles
Master this concept and more
Start your GRC certification journey today.