ISO 27001 Identity Controls

ISO 27001

ISO 27001 is the international standard for information security management systems (ISMS), with Annex A containing specific controls for access management — including user access management, privileged access, user registration, access review, and password management.

⚙️ How Does It Work?

Organizations seeking ISO 27001 certification must implement controls covering: formal user access provisioning (A.9.2.2), privileged access management (A.9.2.3), password management (A.9.4.3), and regular access rights review (A.9.2.5). These are the Annex A control numbers of the 2013 edition; ISO/IEC 27001:2022 restructured and renumbered Annex A, so map them to the edition your audit is conducted against.

📍 Where Is It Used?

Globally — ISO 27001 is the most widely recognized international security certification, adopted across industries and geographies.

💡 Real-World Example

A SaaS company pursues ISO 27001 certification to win enterprise contracts. The certification audit reveals gaps in its access review process. The company implements SailPoint IGA to automate quarterly access certifications and produce audit evidence, and passes the certification audit.

🔗 Related Terms

Compliance, SOX, HIPAA, PCI-DSS, IGA, Access Certification
