
ISO 27001 Reference Guide

Information Security Management Systems


What Is ISO 27001?

ISO 27001 is the international standard for Information Security Management Systems (ISMS). Published by ISO and IEC, it provides a framework for establishing, implementing, maintaining, and improving information security within an organisation.


The standard requires organisations to assess information security risks systematically, implement controls to address those risks, and demonstrate ongoing management and improvement. Certification is awarded by accredited third-party auditors following a formal audit process.


The current version is ISO/IEC 27001:2022, which replaced the 2013 edition. The revision reorganised controls from 14 domains into four themes, reduced the total from 114 to 93, and introduced 11 new controls addressing threat intelligence, cloud security, data masking, and secure coding. Organisations certified to the 2013 edition must transition by 31 October 2025.

Who Needs It?

ISO 27001 applies to any organisation that wants to demonstrate information security maturity. Certification is voluntary, but increasingly required by customers, regulators, and partners as a condition of doing business.


Technology and Service Providers

Organisations supplying software, connectivity, or platforms to enterprise customers. OEMs and large enterprises require certification before supplier onboarding, particularly when systems handle vehicle telemetry, driver data, or operational information.


Fleet and Logistics Operators

Organisations handling sensitive operational data at scale. A breach or access control failure can trigger regulatory penalties, contract terminations, and reputational damage. Certification demonstrates that data security is actively managed.


Connected Device Manufacturers

Producers of telematics units, sensors, or IoT hardware. Device manufacturers are part of supply chains that OEMs must secure under regulations like UN R155. Certification demonstrates that development and support processes meet recognised standards.

Management System Requirements

TTMI cybersecurity capabilities are available as an integrated component of SAAN Mobility or as a standalone service for organisations using other systems.

With SAAN Mobility

  • Device verification as standard

  • Encrypted data transmission

  • ML-powered threat detection

  • Audit-ready compliance controls

With Your Existing Provider

  • Standalone cybersecurity service

  • API integration where supported

  • Parallel deployment option

  • Consolidated monitoring and reporting

Regulatory Alignment

TTMI maintains continuous alignment with international cybersecurity standards, updating platform controls as regulations evolve. Our architecture aligns with international requirements for cybersecurity engineering, software integrity, and information security management.

Frequently Asked Questions

We answer the questions that drive cybersecurity decisions.

Ready to Discuss Your Security Requirements?
