# ISO Standards — Daily DevOps & .NET

> ISO/IEC 27001, 27017, and 27701 translated into .NET engineering: authentication flows, logging, data models, and Azure controls developers own.

Source: https://daily-devops.net/tags/iso-standards/
Generated: 2026-05-28

## About this topic

- [Topic landing page](https://daily-devops.net/tags/iso-standards/): ISO/IEC 27001, 27017, and 27701 translated into .NET engineering: authentication flows, logging, data models, and Azure controls developers own.
- [Back to all topics](https://daily-devops.net/tags/)
- [Site index](https://daily-devops.net/llms.txt)

## Articles tagged "ISO Standards" (26)

- [Your Privacy Docs Are Fiction: Let's Fix That with .NET CLI Tools](https://daily-devops.net/posts/privacy-audit-automation-dotnet-cli/): Quarterly audits can't catch PII added last Tuesday. Build .NET CLI tools that make compliance a build-time fact, not a spreadsheet fantasy.
- [Security Tests That Prove Themselves](https://daily-devops.net/posts/cli-security-testing-audit/): Build xUnit and WebApplicationFactory security tests that emit timestamped evidence tied to commit hashes. Retire the SharePoint screenshot folder.
- [Security Cosplay: Your Password-Only Admin Panel Isn't Fooling Anyone](https://daily-devops.net/posts/multi-factor-authentication-azure-ad-b2c/): Password-only admin authentication is security cosplay. How Azure AD B2C conditional MFA creates actual protection for privileged operations.
- [Certified, Filed, Forgotten: The Compliance Trainwreck](https://daily-devops.net/posts/compliance-verification-dotnet-cli/): Consultants paid. Docs filed. Then compliance becomes a Word doc ritual until an audit exposes the drift. CLI tools fix what checklists never could.
- [Who Ran That Migration? Audit Trails for .NET CLI Tools](https://daily-devops.net/posts/audit-trail-dotnet-cli-tools/): dotnet ef database update prints Success and forgets. Add structured logging, user identity, and correlation IDs so privileged CLI runs leave evidence.
- [Purpose Limitation in API Design: Leaking Data You Shouldn't](https://daily-devops.net/posts/purpose-limitation-api-design/): Why your API returns too much personal data and how ASP.NET Core resource-based authorization enforces data minimization at the endpoint level.
- [247 Strangers Have Root Access to Your Production](https://daily-devops.net/posts/supply-chain-security-github-dependabot/): npm install pulls 247 strangers past your vendor approval gate. Wire up Dependabot, dependency review, and SBOMs to satisfy ISO 27001 A.15 properly.
- ["Just Delete the User": Famous Last Words Before the GDPR Audit](https://daily-devops.net/posts/right-to-erasure-implementation-patterns/): That delete request touches 17 systems you'd forgotten existed. Here's how to erase data across distributed systems without nuking your database.
- [Why Your Azure Portal Clicks Will Fail the Next Audit](https://daily-devops.net/posts/infrastructure-as-code-compliance-bicep/): Azure Portal clicks fail ISO 27017 Control CLD 6.3.1. Move to Bicep so Git history becomes the audit trail and pull requests the change control.
- [Stop Deploying Garbage to Production](https://daily-devops.net/posts/continuous-deployment-security-gates/): Failing tests as warnings, secrets in Git, no approvals. Build GitHub Actions gates that enforce ISO 27001 A.14.2 and A.18.2 before production.
- [Privacy Health Checks: Beyond Database Connectivity](https://daily-devops.net/posts/privacy-health-checks-data-access-patterns/): Database connectivity is green, yet 15% of users have expired consents. Add IHealthCheck probes for consent, retention, and access anomalies.
- [Green Dashboard, Dead Application](https://daily-devops.net/posts/health-checks-operational-monitoring/): HTTP 200 from /health while users see timeouts. The process runs, but the database pool is exhausted. Check what matters, not if it breathes.
- [Your Azure SQL Backups Won't Save You (Here's Why)](https://daily-devops.net/posts/backup-recovery-azure-sql-database/): Azure SQL's seven-day default retention is a compliance time bomb. Configure long-term backup, geo-replication, and tested restores in Bicep.
- [Your Stack Traces Are Love Letters to Attackers](https://daily-devops.net/posts/error-handling-security-information-disclosure/): That helpful stack trace in your API response is a roadmap for attackers. Learn secure error handling that logs everything but reveals nothing.
- [Nobody Runs Your Cleanup Script (And Regulators Know It)](https://daily-devops.net/posts/data-retention-azure-storage-lifecycle/): Your retention policy wiki page won't survive a GDPR audit. Azure lifecycle policies delete data automatically — no forgotten scripts required.
- [Your Logout Button Is Lying: ASP.NET Session Security Done Right](https://daily-devops.net/posts/session-management-aspnet-authentication/): Most ASP.NET session configs pass code review but fail security audits. Learn what actually matters for cookie authentication and JWT tokens.
- [Your TLS Config is Probably Wrong: Five Audit Failures I Keep Finding](https://daily-devops.net/posts/encryption-transit-azure-frontdoor/): That TLS 1.0 you kept for backward compatibility? Auditors flag it every time. Here is how Azure Front Door enforces encryption that actually passes.
- [Trust Is Not a Control: ISO 27001 Compliance via GitHub](https://daily-devops.net/posts/change-control-github-branch-protection/): "We trust our developers" fails audits. GitHub branch protection makes ISO 27001 change control technically enforceable, not just documented.
- [Cookie Banners Won't Save You From ISO 27701](https://daily-devops.net/posts/consent-management-aspnet-identity/): Your "consent management" is probably a boolean column with no audit trail. Here's what ISO 27701 and GDPR Article 7 actually require in .NET.
- [NuGet Packages: The Suppliers You Forgot to Audit](https://daily-devops.net/posts/dependency-management-nuget-security/): dotnet add package invites unvetted suppliers into production. Enforce Central Package Management, signature checks, and vulnerability scans.
- [Your Azure SQL Is Public Right Now. ISO 27017 Demands You Fix It](https://daily-devops.net/posts/network-isolation-azure-vnet/): Azure defaults expose your database to the internet. ISO 27017 CLD 13.1.4 calls that a compliance failure. VNets and Private Endpoints fix it.
- [Your Encryption Is Broken — .NET Data Protection Done Right](https://daily-devops.net/posts/cryptography-dotnet-data-protection/): XOR operations and hardcoded keys fail audits. Learn how .NET Data Protection API with Azure Key Vault delivers real cryptographic compliance.
- [Your appsettings.json Is a Compliance Violation](https://daily-devops.net/posts/secrets-management-azure-keyvault/): That connection string in your config file violates ISO 27017. Azure Key Vault is not optional—it is the compliance minimum you have been ignoring.
- [Audit Logging That Survives Your Next Security Incident](https://daily-devops.net/posts/audit-logging-azure-app-insights/): Most audit logs fail when incidents happen. Structured logging with Application Insights creates trails auditors accept and engineers actually use.
- [Your [Authorize] Attribute Is Compliance Theater](https://daily-devops.net/posts/access-control-aspnet-core/): Your [Authorize] attributes fool developers but not auditors. ISO 27001 A.9 demands actual authorization — not role strings scattered across your codebase.
- [ISO/IEC 27001, 27017 & 27701 for .NET Developers — The Complete Series](https://daily-devops.net/posts/iso-standards/): Nearly 30 articles map ISO/IEC 27001, 27017, and 27701 to concrete .NET and Azure: secrets, access control, GDPR erasure, and supply chain security.

## Optional

- [Full site index for LLMs](https://daily-devops.net/llms.txt)
- [Full content of all articles](https://daily-devops.net/llms-full.txt)
- [RSS for this tag](https://daily-devops.net/tags/iso-standards/feed.rss)
- [Atom for this tag](https://daily-devops.net/tags/iso-standards/feed.atom)
- [JSON Feed for this tag](https://daily-devops.net/tags/iso-standards/feed.json)