A useful orientation article from ImmuniWeb. ISO/IEC 27001 is a global standard that specifies requirements for establishing, maintaining and continually improving a corporate Information Security Management System (ISMS), so that corporate data is protected in a holistic manner rather than through isolated controls. It is jointly developed and maintained by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
Service Organization Control (SOC), designed and maintained by the American Institute of Certified Public Accountants (AICPA), is not a certification but rather a set of interrelated audit reports that validate the proper implementation of internal controls by service organizations.