Sistema de blogs Diarium
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management

Information Security Certifications for Organizations

This post summarizes some certifications for organizations (and not for individuals or professionals) related somehow to information security or cybersecurity.


List of Information Security Certifications for Organizations

Information Security Certifications for Organizations featured on this post:

  • ISO/IEC 27001
  • ISO/IEC 27701
  • ISO/IEC 15408
  • ISO 22301
  • SOC 2 Type 2
  • STAR
  • ENS

ISO/IEC 27001

ISO/IEC 27001 is an international standard about managing information security management systems (ISMS).

It can be audited.

ISO/IEC 27701

ISO/IEC 27701 is a privacy extension of 27001.

It can be audited as an extension of ISO/IEC 27001.

ISO/IEC 15408

ISO/IEC 15408, also known as Common Criteria for Information Technology Security Evaluation, Common Criteria or CC, is a standard for computer security.

ISO 22301

ISO 22301 is an international standard about business continuity.

It can be audited.

SOC 2 Type 2

SOC stands for System and Organization Controls, and it is a set reports.

There are 3 types of SOC reports, and the second of them is SOC 2 “Trust Services Criteria”. Like SOC 1, is intended for a limited audience.

A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating.


STAR (Security, Trust, Assurance and Risk) certification may be achieved by organizations offering cloud services.
STAR certification is managed by Cloud Security Alliance (CSA).


Esquema Nacional de Seguridad (ENS) is a very specific certification for organizations of Spain. It is required by any organization that belong to Spain Public Administration or private organizations providing a service to them.


About pmgallardo

I studied Computer Science at University of Salamanca. Since then, I have been working first as developer and then as SAP consutant. This blog is about problems I dealt when using computers, and more important, the solutions I found. Whenever I am on an issue and suddenlly I have a flash that leads me to a solution, I document my discoveries in a post.

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

No comments yet.

Leave a Reply


Política de privacidad
Studii Salmantini. Campus de excelencia internacional