0a8e77e949
- Moved everything from ideas/passepartout/ to projects/passepartout/ - Moved legal structures to projects/flags/ - Created missing _index.org files for all subdirectories - Stripped redundant passepartout- prefix from filenames - Rewrote root _index.org as generalized brain index (projects + concepts) - Updated Hugo nav to Projects/Concepts - Updated build script section descriptions - Deleted stale ideas/passepartout-economics.md orphan
1.5 KiB
ISO/IEC 27001 (Information Security Management)
International standard for information security management systems (ISMS). The most widely adopted security certification globally — ~60,000 certified organizations. Requires: risk assessment, security controls (Annex A, 93 controls across 4 domains), continuous improvement (Plan-Do-Check-Act), management review, internal audit.
Who must comply: Self-selected — enterprises pursue ISO 27001 certification because supply chain partners and regulators require it. Increasingly mandatory for: cloud providers, government contractors, critical infrastructure, and regulated financial institutions in multiple jurisdictions.
Penalties: No direct fines. Losing certification means losing business.
Why it matters: ISO 27001 is the universal baseline. It is the entry-level certification that opens every other regulated market. The gate stack maps to Annex A controls directly (A.9 access control, A.12 operations security, A.16 incident management, A.18 compliance). First-mover advantage: the ISO 27001 audit market is mature ($68B) and entirely manual (auditors flip through binders). A gate stack that produces audit evidence automatically is not competing with other software — it is competing with binders.