Purpose \u2013 After 15 years of research, this paper aims to present a review of the academic literature on the ISO/
IEC 27001, the most renowned standard for information security and the third most widespread ISO
certification. Emerging issues are reframed through the lenses of social systems thinking, deriving a theorybased research agenda to inspire interdisciplinary studies in the field.
Design/methodology/approach \u2013 The study is structured as a systematic literature review.
Findings \u2013 Research themes and sub-themes are identified on five broad research foci: relation with other
standards, motivations, issues in the implementation, possible outcomes and contextual factors.
Originality/value \u2013The study presents a structured overview of the academic body of knowledge on ISO/IEC
27001, providing solid foundations for future research on the topic. A set of research opportunities is outlined,
with the aim to inspire future interdisciplinary studies at the crossroad between information security and
quality management. Managers interested in the implementation of the standard and policymakers can find an
overview of academic knowledge useful to inform their decisions related to implementation and regulatory
activities
