The ISO 27001 Suite


Add extensions to your ISO 27001



IT systems and information security are developing and changing at a rapid pace. To keep up with new demands, the ISO (International Organisation for Standardisation) created a family of extensions and codes of practice that link up with its information security management Standard, ISO 27001.

Together, they create a more comprehensive information security management system that can be adapted to suit the unique needs of your business.

ISO 27001

ISO 27001 is the international Standard for Information Security Management. It was developed by the ISO to give businesses appropriate security measures to protect information and prevent it from being accessed, corrupted, lost or stolen.

To do this, the Standard features 114 controls that set out processes and procedures for controlling legal, physical and technical risks to information security. This enables businesses to create a robust information security management system (ISMS) to keep information safe.

To create an even more tailored ISMS, ISO 27001 can be combined with ISO 27017, ISO 27018 and ISO 27701.


Code of Practice for Information Security Controls Based on ISO 27002 for Cloud Services

ISO 27017 builds upon ISO 27001’s framework to create controls specific to cloud service providers.

The ISO also lays out responsibilities that should be followed by cloud clients to ensure IT teams know what they need from their cloud platform.

Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds

ISO 27018 provides a code of practice to cloud service companies who are also PII processors.

With relevant controls, the ISO helps businesses to keep information processed from the cloud safe.

Privacy Information Management System

ISO 27701 helps businesses to protect data privacy and manage personal information.

It creates a system of processes for a Privacy Information Management System (PIMS) that helps businesses to assess, react to and reduce risks linked to the collection, storage, management and processing of PII.


Do I need to get ISO 27001 in order to have ISO 27018?

Do I need to get ISO 27001 in order to have ISO 27017?

Do I need to get ISO 27001 in order to have ISO 27701?

