An international standard specifying requirements for an Information Security Management System (ISMS), with certification issued by accredited bodies.
ISO/IEC 27001 is published by ISO and IEC. Unlike SOC 2's audit report, ISO 27001 results in a certificate issued by an accredited certification body after an external audit, valid for three years with annual surveillance audits. Its control set (Annex A) overlaps heavily with SOC 2's Trust Services Criteria, which is why cross-mapping between the two is common.