ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.
According to its documentation, ISO 27001 was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.” ISO 27001 uses a top-down, risk-based approach and is technology-neutral.
ISO 27001 requires coordination between all sections of an organisation: it strengthens management responsibility, requires continual improvement, and obliges the organisation to conduct internal audits and to take corrective and preventive actions.
ISO 27001 helps to protect information assets and gives confidence to interested parties, including an organisation’s customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organisation’s ISMS.