amr/hermes-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0a8e77e9492bbe281d7f11ee39690dfa2d41bb02
hermes-brain/projects/passepartout/strategy/compliance/iso-27001.org
Hermes 0a8e77e949 Reorganize brain: projects/ top level, rename filenames, update homepage 
- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan
2026-05-24 18:54:14 +00:00

33 lines
1.5 KiB
Org Mode
Raw Blame History

:PROPERTIES:
:ID: e2ab887d-9f28-4da6-8388-e6c035e9d9c5
:ID: auto-iso-27001
:CREATED: [2026-05-23 Sat]
:END:
#+title: ISO/IEC 27001 (Information Security Management)
#+filetags: :passepartout:compliance:framework:iso:
International standard for information security management systems (ISMS).
The most widely adopted security certification globally — ~60,000 certified
organizations. Requires: risk assessment, security controls (Annex A, 93
controls across 4 domains), continuous improvement (Plan-Do-Check-Act),
management review, internal audit.
Who must comply: Self-selected — enterprises pursue ISO 27001 certification
because supply chain partners and regulators require it. Increasingly mandatory
for: cloud providers, government contractors, critical infrastructure, and
regulated financial institutions in multiple jurisdictions.
Penalties: No direct fines. Losing certification means losing business.
Why it matters: ISO 27001 is the universal baseline. It is the entry-level
certification that opens every other regulated market. The gate stack maps
to Annex A controls directly (A.9 access control, A.12 operations security,
A.16 incident management, A.18 compliance). First-mover advantage: the ISO
27001 audit market is mature ($68B) and entirely manual (auditors flip through
binders). A gate stack that produces audit evidence automatically is not
competing with other software — it is competing with binders.
** [[id:748b0cc7-7f42-49fb-8ee3-1ae49048a178][ISO 27701]] (Privacy Information Management — PIMS extension to ISO 27001)
Reference in New Issue View Git Blame Copy Permalink