ISO/IEC 27001 is an international standard for Information Security management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS).
The standard forms the basis for effective management of sensitive, confidential information and for the application of information security controls.
An organization that conforms to the ISO/IEC 27001 standard possesses clear, objective proof of its commitment to continued improvement of control over its sensitive and confidential information.
ISO/IEC 27001 therefore provides reassurance to sponsors, shareholders and customers that the organization has expert control over its risk management and data security.
Due to the diversity of different organizations’ information assets – the ISO/IEC 27001 standard is adaptable according to an organization’s requirements.
The design and implementation of the ISMS is tailored to the organization’s objectives, information assets, operational processes, governing legal requirements and regulatory security requirements.