cc3976fb7f
- Split competitive-analysis-2026-05.org → TOC + 9 competitor files in ideas/competitors/. Dropped date from filename. All competitor UUIDs generated, TOC keeps original UUID for backlink continuity. - Deleted passepartout-economics.org archive (replaced by 27-node KB). - Inlined 5 'See also' blocks into natural prose (compliance-index, first-mover-window, revenue-table, orders-of-magnitude-time, native-org-knowledge-base). - Linked 7 orphan compliance pages back to compliance index + finished truncated sentences. - Linked all 14 Agora requirement docs from topic-relevant pages (identity→lisp-machine-security, infrastructure→compute-marketplace, social-space→growth-strategy, exchange→agora-contracts, etc.). - Linked ai-industry-impact from investment-thesis, sufficiency-flip, verification-appliance, effects-growth-flywheel (up from 1 to 10+ pages). - Fixed CREATED timestamps to use git commit dates instead of today. - Made all links absolute from root (no port inheritance). - Removed stale agora/docs/ duplicate content.
33 lines
1.5 KiB
Org Mode
33 lines
1.5 KiB
Org Mode
:PROPERTIES:
|
|
:ID: e2ab887d-9f28-4da6-8388-e6c035e9d9c5
|
|
:ID: auto-iso-27001
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: ISO/IEC 27001 (Information Security Management)
|
|
#+filetags: :passepartout:compliance:framework:iso:
|
|
|
|
|
|
International standard for information security management systems (ISMS).
|
|
The most widely adopted security certification globally — ~60,000 certified
|
|
organizations. Requires: risk assessment, security controls (Annex A, 93
|
|
controls across 4 domains), continuous improvement (Plan-Do-Check-Act),
|
|
management review, internal audit.
|
|
|
|
Who must comply: Self-selected — enterprises pursue ISO 27001 certification
|
|
because supply chain partners and regulators require it. Increasingly mandatory
|
|
for: cloud providers, government contractors, critical infrastructure, and
|
|
regulated financial institutions in multiple jurisdictions.
|
|
|
|
Penalties: No direct fines. Losing certification means losing business.
|
|
|
|
Why it matters: ISO 27001 is the universal baseline. It is the entry-level
|
|
certification that opens every other regulated market. The gate stack maps
|
|
to Annex A controls directly (A.9 access control, A.12 operations security,
|
|
A.16 incident management, A.18 compliance). First-mover advantage: the ISO
|
|
27001 audit market is mature ($68B) and entirely manual (auditors flip through
|
|
binders). A gate stack that produces audit evidence automatically is not
|
|
competing with other software — it is competing with binders.
|
|
|
|
** [[id:748b0cc7-7f42-49fb-8ee3-1ae49048a178][ISO 27701]] (Privacy Information Management — PIMS extension to ISO 27001)
|
|
|