What is required for ISO IEC 27001 certification? Documenting and implementing information security-related requirements (e.g., risk assessment requirements) are only part of the job if an organization wants to achieve certification. ISO 27001 requires organizations to perform the following general steps before they go for the certification: