Risk & Compliance/Legislation

C5: Optimize Your Information Security and Data Privacy Program with the ISO 27000 Family of Standards

Friday, June 9, 2023 9:30 AM - 10:30 AM

Room 403/404

Description

IT security, cybersecurity, and privacy protection are vital for companies and organizations today. The ISO/IEC 27000 family of standards is designed to assist organizations in developing comprehensive information security and data privacy programs that address threats from evolving cybercrime, lack of employee awareness and training, and violations of laws and regulations, along with the costly fines and reputational damage that could result should a breach or other incident occur. ISO/IEC 27001 is perhaps one of the world's best-known standards for information security management; however, additional best practices in data protection and cyber resilience are covered by several other standards in the ISO/IEC 27000 family. Together, these standards enable organizations of all industries and sizes to manage the security and privacy of their information assets and those entrusted to them by third parties. We'll also discuss where these standards stand now that ISO/IEC 27001:2022 has been published as of late 2022.

Specific standards that we will cover in our presentation will include:

• ISO/IEC 27001 (ISMS) – the foundational element
• ISO/IEC 27017 (cloud services security)
• ISO/IEC 27018 (protection of PII in public clouds for PII processors)
• ISO/IEC 27701 (PIMS) – and complementary GDPR certification frameworks such as the Europrivacy Seal, and the overlap with the EU Cloud Code of Conduct

Learner Objectives

After this session, learners will:

• Understand the application and intent of the main additional standards in the ISO/IEC 27000 family beyond the most well-known, ISO/IEC 27001
• Understand why organizations would look to align their ISO/IEC 27001 certification with additional sector-specific standards in the ISO/IEC 27000 family and the associated benefits, including which organizations would be candidates for adopting each standard
• Understand the additional effort involved in aligning their ISO/IEC 27001 certification with additional sector-specific standards in the ISO/IEC 27000 family
• Understand how their data privacy programs can be enhanced through the adoption of either ISO/IEC 27018 or ISO/IEC 27701 (or both), and know which is most beneficial for their organization
• Understand how obtaining the Europrivacy Seal GDPR certification can be facilitated by already holding an ISO/IEC 27701 certification, and the overlap with the EU Cloud Code of Conduct