ISO Standards Hub What Is Included

A coverage map of ISO standards and what they help you implement.

Use this to pick the right standard (and bundle) based on your objective and evidence needs.

Author: Sorena AI
Published: Mar 4, 2026
Updated: Mar 4, 2026

Overview

This hub covers the ISO standards that most often show up when teams need a certifiable governance backbone plus deeper operating guidance for risk, cloud, incidents, suppliers, continuity, and AI. The point is not to collect standards. The point is to choose the right combination, use the current editions, and maintain evidence that stays useful.

Section 1

Coverage map: what each standard in this hub is actually best at

Each standard in the hub solves a different class of problem. Some define management systems. Others add specialist control depth or process detail that the management system alone does not provide.

Use the standard for its strongest job instead of forcing a single standard to cover governance, cloud, incident management, supplier assurance, and AI all at once.

  • ISO/IEC 27001: ISMS governance, audit structure, and certification-oriented evidence
  • ISO/IEC 27005: information security risk method and treatment structure
  • ISO/IEC 27017 and ISO/IEC 27018: cloud control depth and public-cloud PII processor expectations
  • ISO/IEC 27035: incident management series covering process, preparation, and ICT response operations
  • ISO/IEC 27036: supplier relationship security series covering overview, requirements, ICT supply chain depth, and cloud guidance
  • ISO 22301: business continuity management system
  • ISO/IEC 42001: AI management system and AI governance

Section 2

Current-series notes that matter before you adopt

This hub is grounded in the current edition, or the current state of the series, as reflected in the underlying pages. That matters because several of these standards are evolving or multi-part.

Examples already reflected in the repo include ISO/IEC 27018:2025 on the ISO listing, ISO/IEC 27035-1:2023 and 27035-2:2023 with 27035-3:2020, ISO/IEC 27036-1:2021 through 27036-4:2016, and ISO/IEC 42001:2023.

  • Check edition and series part before procurement, policy references, or customer commitments
  • Where an implementation model uses an earlier grounded edition, record that assumption clearly
  • Do not summarize a multi-part standard as if it were a single flat checklist

Section 3

Evidence artifacts that travel well across the bundle

The standards become economical when their evidence is shared. One index can support security audits, supplier reviews, customer questionnaires, and regulation mapping if it is organized well.

The most reusable artifacts are the ones that show governance, risk decisions, operating control, and review cadence, rather than only a polished narrative.

  • Scope statements, inventories, owners, and edition assumptions
  • Risk assessments, treatment decisions, and residual-risk acceptance
  • Operational evidence such as monitoring outputs, incident records, change approvals, and supplier assurance records
  • Internal audit outputs, management-review decisions, and corrective-action closure proof
  • Third-party evidence such as contracts, clause deviations, and monitoring cadence records