Date: 2024-10-01

ISO/IEC 27001 is an international standard for implementing an information security management system ("ISMS"), published by the International Organization for Standardization ("ISO") and the International Electrotechnical Commission ("IEC"). The ISO/IEC 27001 standard enables organizations to secure sensitive data and reduce the risk of cyber attacks by outlining a set of globally accepted management procedures and information security controls. To obtain an ISO certification, an organization’s information security management system must meet the criteria established by the management clauses defined by the ISO standard. In addition to the management clauses, there are 114 information security controls that may be included or omitted based on the risks the organization faces.

Organizations must complete a risk assessment or gap analysis to identify these risks and, in turn, document the justification for including or omitting each control in the Statement of Applicability. Both the certification and the Statement of Applicability are essential to understanding the security measures an organization has taken.

Cloudflare is currently certified against ISO 27001:2013 and is transitioning to ISO 27001:2022 following ISO requirements.