This is an information security standard, and it determines the management system designed to bring the security of information under the control of the management. ISO/IEC 27001 is the only international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls.
This helps you to protect your information assets and give confidence to any interested parties, especially your customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving your ISMS.
ISO/IEC 27001 is suitable for any organization, regardless its size and location. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors.