ISO 2700 is a certification standard for information technology and management information systems. By securing such a certification, companies can better sell IT services as well as underwrite the reliability of internal operations.


The International Organization for Standardization (ISO) is responsible for setting over 18,000 standards across multiple industries and multiple subjects within each industry.

ISO 2700x

ISO 2700x represents the family of standards for the information security industry. Companies look to secure a certification under the 2700 family to demonstrate to the world that their IT systems comply with industry standards. The "x" in 2700x refers to individual standards within the 2700 family, such as 27000, 27001, 27002, 27003, 27004, 27005 and 27006. Each individual standard has a specific application under the information security umbrella.

The Certification Process

To prepare for certification, companies set up an Information Security Management System, or ISMS. The ISMS is a set of policies that a company designs, packages and implements to manage the risk to its information systems. Once established, companies certify their ISMS according to a rigorous certification process.
