Which is the best? Essential 8 vs ISO27001.

The Essential 8 and ISO 27001 are two different approaches to information security management.

The Essential 8 is a standard produced by the Australian Government, specifically the ASD (Australian Signals Directorate) and ACSC (Australian Cyber Security Centre). It consists of the top 8 Cyber Protections from their list of 37 Cyber Protections (https://www.cyber.gov.au/acsc/view-all-content/publications/strategies-mitigate-cyber-security-incidents).

ISO27001 is a standard produced by the ISO (International Organization for Standardization). Its development involved more than 100 Cyber Experts sharing their experience to produce a list of 114 Cyber Protections (controls).

Essential 8 and ISO27001 are both Cyber Standards with lists of protections (controls), and both were developed by Cyber Experts with experience in dealing with Cyber attacks. If we compare the ASD/ACSC 37 against ISO27001, there is a lot of overlap. ISO27001 has more documentation and processes that enable good Cyber Protection, such as a list of all your assets, so you know what you are protecting from Cyber attack.

By contrast, Essential 8 is a smaller list with a focus on malware protection. Compared with ISO27001 it is missing a lot (refer to picture).

Essential 8 is intended as a minimum for government businesses, so it wasn’t built to be business friendly. Essential 8 also has conflicting protections (patching vs application allowlisting), which increase IT management costs beyond what is acceptable for many businesses. This is why a maturity level had to be introduced, allowing reduced protections for each of the 8 Cyber Protections.

Where possible, we would recommend looking at ISO27001 or ASD/ACSC 37 over Essential 8, as they are more comprehensive. Where Essential 8 is required, as a business you may not have the choice, but if you have the capacity we would still recommend applying some or all of the controls of ASD/ACSC 37.

If you need some help implementing or discussing Essential 8, ASD/ACSC 37 or ISO27001, contact the Cyber Experts at Vertex Cyber Security.

Cyber Security by Vertex, Sydney Australia

(c) 2025 Vertex Technologies Pty Ltd.
