<article>
<header>
<h1>Optimizing ISO 27001 compliance: integrating cybersecurity frameworks</h1>
<p>By Bond Lai. Published 2020-12-03 (updated 2023-08-24) on the Trulioo blog, Trust and Safety: <a href="https://www.trulioo.com/blog/trust-and-safety/iso-27001-compliance">https://www.trulioo.com/blog/trust-and-safety/iso-27001-compliance</a></p>
</header>

<figure><img src="https://www.trulioo.com/wp-content/uploads/2020/12/ISO-27001-compliance.jpg" alt="ISO 27001 compliance" width="900" height="600" /></figure>

<p>Personally identifiable information has been called “the new oil.” This data is the touchstone of the modern world, required for everything from opening a bank account to participating in social media. It is also the most sought-after data type in cyberattacks. So how can organizations protect that information while complying with ever-expanding privacy laws?</p>

<h2 id="h-information-security-standards-iso-27001">Information security standards: ISO 27001</h2>

<p>The <a href="https://www.iso.org/about-us.html">International Organization for Standardization</a> (ISO) is one of the best-known names in international standardization, recognized in over 160 countries. <a href="https://www.iso.org/isoiec-27001-information-security.html">ISO 27001 certification</a>, which requires both a documented information security management system and an external annual audit, is one of its most popular offerings.</p>

<p>Because ISO standards are adopted so widely, they have to accommodate a broad range of national and international laws and requirements. That breadth can frustrate the people implementing ISO 27001, who often want specific, technical guidance.</p>

<p>To take a specific example, Annex Control 8.1.3 requires that <i>“Rules for the acceptable use of information and of assets associated with information and information processing facilities shall be identified, documented and implemented.”</i></p>

<p>If you’re in France, those rules are going to look very different from those in force in China, and the requirements for China will differ again from those applicable in Canada.</p>

<h2 id="h-legislative-parallels">Legislative parallels</h2>

<p>Privacy laws and regulations undergo lengthy review and approval processes before publication, and therefore avoid technical specifics so they aren’t outdated by the time they’re enforced. Similarly, the ISO 27001 standard states high-level requirements and relies on the willingness and competence of individual organizations to do the research needed to work out how best to comply. For example:</p>

<ul>
<li>The European GDPR, one of the benchmark pieces of privacy legislation to date, has similarly high-level aims: <i>“Personal data shall be … processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures…”</i></li>
<li>Alternatively, there’s the Californian <a href="/blog/trust-and-safety/california-consumer-privacy-act">CCPA</a>: <i>“…duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information…”</i></li>
<li>We can also look to <a href="https://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-2.html#docCont">PIPEDA</a> in Canada, which requires that <i>“Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.”</i></li>
</ul>

<p>When reviewing applicable law for Annex Control 18.1 (Legal and contractual compliance), it quickly becomes apparent that while awareness of the legislation is key — and in some cases regulation can clarify requirements or add specifics — achieving compliance <a href="https://www.cpomagazine.com/data-protection/ccpa-compliance-going-beyond-compliance-checkboxes/">requires more than a checkbox exercise</a>.</p>

<figure><img src="https://www.trulioo.com/wp-content/uploads/2020/12/Global-privacy-laws.png" alt="Global privacy laws" width="1007" height="476" /></figure>

<h2 id="h-supplementing-iso-27001">Supplementing ISO 27001</h2>

<p>Organizations looking to implement information security aligned with legislation or ISO 27001 need a project lead who can identify which rules apply, who has the technical writing skills to convey the requirements clearly, and who has sufficient authority to implement them consistently.</p>

<p>It also means, particularly where a company will be handling sensitive information, that compliance can’t stop at the level of “encryption, there should be some,” but needs to be supplemented with specifics.</p>

<p>Luckily, a number of technical frameworks and best practices can be referenced to provide a solid foundation for ISO 27001 compliance.</p>

<h3 id="h-nist-cybersecurity-framework">NIST Cybersecurity Framework</h3>

<p><a href="https://www.nist.gov/">The National Institute of Standards and Technology</a> (NIST) is a U.S. government institution that was tasked with developing voluntary guidance to manage and reduce cybersecurity risk.</p>

<p>The resulting NIST Cybersecurity Framework was published in 2014 and updated in 2018, and is slightly more granular than the ISO 27001 standard. It is U.S.-centric, but provides a solid <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">set of cybersecurity requirements</a>: the categories under each function supply high-level aims, and the subcategories add more specific requirements.</p>

<p>To compare the two, the ISO 27001 objective under “responsibility for assets” is <i>“to identify organizational assets and define appropriate protection responsibilities.”</i></p>

<p>That breaks down into:</p>

<ul>
<li>An inventory of assets (assets and facilities associated with information processing shall be identified and inventoried)</li>
<li>Defining who owns identified assets</li>
<li>Documenting and implementing rules for the use of identified assets</li>
<li>A requirement for users to return organizational assets on termination of employment or contract</li>
</ul>

<p>The equivalent section in the NIST Cybersecurity Framework, Asset Management (<a href="https://www.nist.gov/cyberframework/identify">ID.AM</a>), requires that organizations:</p>

<ul>
<li>Specify assets (physical devices and systems, software platforms and applications)</li>
<li>Map organizational communication and data flows</li>
<li>Catalog external information systems</li>
<li>Prioritize resources based on classification, criticality and business value</li>
<li>Establish cybersecurity roles and responsibilities for the entire workforce and third parties</li>
</ul>

<p>Both sections have the same basic goal, but NIST adds topics that flesh out the ISO requirements while an organization works through ISO 27001 certification.</p>

<p>Other frameworks that can be referenced while working through ISO 27001 are the <a href="https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf">SOC 2 Type 2 criteria</a> and COBIT.</p>

<p>According to the <a href="https://blog.compliancecouncil.com.au/blog/iso-27001-vs-soc-2">Australian Compliance Council</a>:</p>

<blockquote>
<p>Businesses shouldn’t normally need to choose between the two frameworks or find them contradictory. Both allow a lot of flexibility for the specifics of achieving the required goals rather than prescribing specific measures.</p>
<p>As well as having different scopes, the two frameworks will normally have their biggest effect on different layers of an organization’s hierarchy. ISO 27001 covers a narrower, more specific area that’s usually the realm of mid-level staff. COBIT covers a broader area that’s more likely to involve decisions by top-level staff.</p>
</blockquote>

<figure><img src="https://www.trulioo.com/wp-content/uploads/2020/12/Cybersecurity-frameworks.jpg" alt="Cybersecurity frameworks" width="900" height="386" /></figure>

<h3 id="h-owasp-guidance">OWASP guidance</h3>

<p>The Open Web Application Security Project® (<a href="https://owasp.org/">OWASP</a>) is a non-profit group that aims to improve software security and offers a range of open-source tools and documentation.</p>

<p>Although ISO 27001 covers the need to secure application services in Annex Control 14, OWASP’s guidance can flesh out how to meet those requirements, particularly where a company develops its own software.</p>

<p>A good example is the <a href="https://owasp.org/www-project-top-ten/">OWASP Top Ten</a>, a list of the most critical security risks to web applications. Building steps to minimize these risks into your approach to Annex Control 14.1 is a solid step towards operationalizing compliance.</p>

<p>Another OWASP offering to consider is the <a href="https://owasp.org/www-project-application-security-verification-standard/">Application Security Verification Standard</a>. While this document supports compliance with Annex Control 14, it also has broad applicability to Annex Control 8 (Asset Management), Annex Control 9 (Access Control), Annex Control 12 (Operations Security), and Annex Control 18 (Compliance).</p>

<h2 id="h-iso-27001-is-about-more-than-checkboxes">ISO 27001 is about more than checkboxes</h2>

<p>ISO 27001 is not a standard conducive to “checkbox compliance,” in other words doing the bare minimum to meet the letter of the requirements. The standard is an excellent litmus test for how a company views its information security. When efforts to ensure best practices are incorporated across all 114 controls, and a comprehensive suite of policies and procedures is in place and adhered to, it’s a very positive sign for the company’s information security and culture of compliance.</p>

<p>In contrast, checkbox compliance has the potential to leave gaping holes in an organization’s information security, with potential negative impacts on reputation, consumer trust, and continued operations.</p>

<p>Commitment to end-to-end compliance, transparency, and information security is increasingly vital in a world where large-scale data breaches are becoming commonplace and <a href="https://l.ermetic.com/wp-idc-survey-results?utm_campaign=IDC%20Survey%20Highlights">the infrastructure is increasingly complex</a>. More than ever before, information security is a team sport: the days of a small IT team locked in a dark room with an industrial-sized coffee-maker are gone. The “human firewall” is an incalculable asset, and, like any good wall, it doesn’t function nearly as well if there are gaps.</p>
</article>