Compare ISO 27001 with ISO 27002, ISO 19011, SOC 2, GDPR, and HIPAA

This comparison is meant to reduce common confusion: it separates laws from standards, certification from attestation, and implementation guidance from audit guidance. Each entry below lists the document's type, its purpose, who uses it, whether it is a law, a standard or an attestation, and why it matters to businesses.

ISO/IEC 27001: Certifiable ISMS standard
Type: International standard
Purpose: Define certifiable requirements for an information security management system (ISMS).
Who uses it: Organizations wanting a structured and certifiable ISMS.
Law / standard / attestation: Standard, not a law.
Relevance to businesses: Useful for customer assurance, governance, and operational discipline.

ISO/IEC 27002: Control implementation guidance
Type: Guidance standard
Purpose: Explain and interpret the control set used alongside ISO 27001.
Who uses it: Security, compliance, and implementation teams.
Law / standard / attestation: Guidance standard, not a certification by itself.
Relevance to businesses: Helps teams make control implementation more practical and consistent.

ISO 19011: Audit guidance for management systems
Type: Guidance standard
Purpose: Provide principles and guidance for auditing management systems.
Who uses it: Internal auditors, audit programme owners, and audit teams.
Law / standard / attestation: Guidance standard, not a law or attestation.
Relevance to businesses: Useful for planning, sampling, evidence gathering, and audit discipline.

SOC 2: Attestation framework
Type: Attestation report
Purpose: Assess controls against the Trust Services Criteria through an auditor's report.
Who uses it: Mostly SaaS and service organizations selling into North American markets.
Law / standard / attestation: Attestation, not a law.
Relevance to businesses: Often requested by customers as a control attestation rather than an ISMS certification.

GDPR: EU data protection law
Type: Law
Purpose: Protect personal data and govern lawful processing, data subject rights, and accountability.
Who uses it: Any organization handling personal data in the EU context.
Law / standard / attestation: Law and regulatory obligation.
Relevance to businesses: Highly relevant in France because security, privacy, and accountability overlap in many projects.

HIPAA: US healthcare privacy and security law
Type: Law
Purpose: Protect healthcare information in the US through privacy and security requirements.
Who uses it: US healthcare entities and their business associates.
Law / standard / attestation: US law.
Relevance to businesses: Relevant mainly when a French or European business serves US healthcare-related clients or markets.