WQI.webqualityindex

Security

ISO/IEC 27001:2022

International gold standard for an Information Security Management System. The 2022 revision restructures the Annex A controls to align with ISO 27002:2022.

Authority: ISO/IEC
Version: 2022
Jurisdiction: Global
Source: iso.org
Last reviewed: 2026-04-28
Last verified: pending

What it is

ISO/IEC 27001:2022 is the international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). Certification is by accredited third-party auditors.

Why it matters

European and APAC enterprise buyers often prefer ISO 27001 to SOC 2; many regulated industries (finance, healthcare) require it. Achieving it once and keeping up with surveillance audits is cheaper than answering bespoke questionnaires forever.

Who it applies to

Organizations selling to European or international enterprise buyers, or operating in regulated industries.

How WQI scores it

Web Quality Index considers this standard satisfied when all 3 supporting factors pass.

| # | Factor | Status |
|---|--------|--------|
| 4 | Security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, X-Content-Type-Options) | live |
| 6 | WordPress REST API user enumeration exposure | live |
| 7 | Sensitive path exposure (.git, .env, /admin, xmlrpc.php, wp-login.php) | live |

Related standards

See also
SOC 2, NIST CSF, PCI DSS

Standards that share factors with this one

Auto-computed from overlapping factor tickets in satisfiedBy, excluding standards already listed under "See also" above. Strong overlap suggests these standards rise and fall together when sites are scored.

Other references