ISO 27003, officially ISO/IEC 27003:2017, is an international standard that provides guidelines for information security management system (ISMS) implementation and is managed by the International Organization for Standardization (ISO).
An ISMS is a framework of policies and procedures that helps an organization manage its information security risks. ISO 27003 provides guidance on how to plan, implement, maintain, and continually improve an ISMS. It covers a wide range of information security-related topics, including risk assessment and management, security policies, and physical and technical security controls.