Glossary term
ISO 27001
Also: ISO/IEC 27001, ISMS
International standard for information security management systems (ISMS). Current version: ISO/IEC 27001:2022. Certifiable through accredited bodies. Core framework for ISMS implementation, risk treatment and continuous improvement.
ISO 27001 defines requirements for setting up, implementing, maintaining and continually improving an ISMS. Annex A lists 93 controls across four themes: organisational, people, physical, technological.
Certification is issued by accredited bodies and is valid for 3 years, with annual surveillance audits and a recertification audit in year three.
Relationship to NIS2/DORA: ISO 27001 is a strong foundation and covers many of the minimum measures, but NIS2 and DORA additionally require explicit supply-chain security, concrete reporting deadlines, personal liability of the management body and sector-specific duties. ISO 27001 helps, but it is not a substitute.
Related terms
SOC 2 Type 2
Audit report by a US public accountant under AICPA SSAE 18 standard, confirming the operating effect…
NIS2
EU directive on network and information security. Replaces NIS1, widens scope to around 30,000 Germa…
ISO 27002
Companion standard to ISO 27001 that fleshes out the 93 Annex A controls. Not certifiable, but the p…
IAM (Identity and Access Management)
The stack of systems that governs who has access to which systems under which conditions. IAM covers…
ICT Concentration Risk
Risk arising from dependence on a small number of or a single ICT third-party provider. DORA Art. 29…
IGA
Software category for identity governance: lifecycle management, role modelling, access recertificat…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
