# What is ISO 27001

**ISO 27001** is an international standard for managing information security. It provides a framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). This standard helps organizations protect their information assets and ensure the confidentiality, integrity, and availability of their data.

Key components of ISO 27001 include:

1. **Risk Assessment**: Identifying, assessing, and managing information security risks.
2. **Control Selection**: Implementing appropriate controls to mitigate identified risks. Annex A of ISO 27001 lists 114 controls across 14 domains, covering areas such as access control, physical security, and incident management.
3. **Policy and Documentation**: Establishing and maintaining information security policies, procedures, and records to ensure consistency and compliance.
4. **Continuous Monitoring and Improvement**: Regularly reviewing the ISMS, conducting internal audits, and implementing corrective actions to ensure ongoing improvement.

Implementing ISO 27001 demonstrates an organization's commitment to information security, helping to build trust with customers, partners, and regulators. Achieving ISO 27001 certification involves an external audit, validating that the organization meets the standard's requirements and effectively manages information security risks.


