ISO/IEC 27001 ISMS certification — increasingly customer-mandated
An Information Security Management System (ISMS) per ISO 27001 is increasingly required by customers and government.
Who must comply
Voluntary; commercially mandated by customers / tenders.
What triggers it
Customer or tender requirement.
When due
Continuous; surveillance audits + recertification cycle.
Evidence required
ISMS documentation; ISO 27001 certificate; audit reports.
Max penalty
Loss of certification + commercial / tender consequences
Summary
ISO/IEC 27001 sets requirements for an Information Security Management System (ISMS). Certification is by an accredited certification body (JAS-ANZ). It is not legally mandated, but it is required by customers and in government tenders, serves as reasonable-steps evidence under APP 11, and is aligned with the ASD ISM where applicable.
Source: https://www.iso.org/standard/27001. Rules Mate is not a law firm. Always verify against the live regulator source before acting.