Information security extensions and codes of practice 


IT systems and information security are developing and changing at a rapid pace. To keep up with new demands, the ISO (International Organisation for Standardisation) created a family of extensions and codes of practice that link up with its information security management Standard, ISO 27001.

Together, they create a more comprehensive information security management system that can be adapted to suit the unique needs of your business. 

ISO 27001


ISO 27001 is the international Standard for Information Security Management. It was developed by the ISO to give businesses appropriate security measures to protect information and prevent it from being accessed, corrupted, lost or stolen. 

To do this, the Standard features 114 controls that set out processes and procedures for controlling legal, physical and technical risks to information security. This enables businesses to create a robust information security management system (ISMS) to keep information safe.

To create an even more tailored ISMS, ISO 27001 can then be combined with ISO 27017, ISO 27018 and ISO 27701.

ISO 27017

Code of Practice for Information Security Controls Based on ISO 27002 for Cloud Services


ISO 27017 builds upon ISO 27001's framework to create controls specific to cloud service providers.

The Standard also lays out responsibilities that should be followed by cloud clients, so that IT teams know what they need from their cloud platform.


ISO 27018

Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds


ISO 27018 provides a code of practice to cloud service companies who are also PII processors.

With relevant controls, the Standard helps businesses to keep information processed in the cloud safe.

ISO 27701

Privacy Information Management System


ISO 27701 helps businesses to protect data privacy and manage personal information.

It creates a system of processes for a Privacy Information Management System (PIMS) that helps businesses to assess, react to and reduce risks linked to the collection, storage, management and processing of PII.


Do I need to get ISO 27001 in order to have ISO 27018?

Do I need to get ISO 27001 in order to have ISO 27017?

Do I need to get ISO 27001 in order to have ISO 27701?

