ISO Certification ISO/IEC 27001 and 27002 are Information Security Management System (ISMS) standards published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that specifies a management system that brings information security under explicit management control. Being a formal specification means that it mandates specific requirements and is subject to formal audits and certification compliance and requires systematic checks for security risks; design and implemention of coherent and comprehensive controls and/or other forms of risk treatment (such as risk avoidance or risk transfer). A management process must be adopted to ensure that the security controls continue to meet the organization’s informatio security needs on an ongoing basis.