ISO 27001 is about setting up an “ISMS” or Information Security Management System, aka a security program. It’s a framework of controls focused on managing risks, rather than the exact technical details of how to do that in, say, M365. 🧐