ISO-27001-EDI
The ISO ISMS standard — globally recognised certification.
Definition
ISO/IEC 27001:2022 (major revision of 2013 edition) has 93 controls in Annex A (organisational 37, people 8, physical 14, technological 34). For EDI, key controls: A.5.23 (info security for cloud), A.5.34 (privacy), A.8.24 (use of cryptography), A.8.32 (change management). 3-year certification, annual surveillance.
Origin
First 27001 edition in 2005 (based on BS 7799). 2013 then 2022.
Example in context
A corporate EDI hub ISO 27001-certified with scope = "hosted EDI services (AS2, AS4, SFTP) for third-party clients".
Related terms
- SOC 2 — US counterpart.