ISO 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005 and then revised in 2013.
A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. These reports are issued by independent third party auditors covering the principles of Security, Availability, Confidentiality, and Privacy.
ISO 9001 is defined as the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.
ISO 27701, is a privacy extension to ISO 27001. The design goal is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). The standard outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.
ISO 27017 is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems. It is part of the ISO 27000 family of standards, standards which provides best practice recommendations on information security management. This standard was built from ISO 27002, suggesting additional security controls for the cloud which were not completely defined in ISO 27002.
ISO 27018 is a security standard part of the ISO 27000 family of standards. It was the first international standard about the privacy in cloud computing services which was promoted by the industry. It was created in 2014 as an addendum to ISO 27001, the first international code of practice for cloud privacy. It helps cloud service providers who process personally identifiable information (PII) to assess risk and implement controls for protecting PII.