ISO 27001 defines how to organise information security in an organisation. ISO 27001 is considered the foundation of information security management.
ISO 27001 aims to provide an approach to implement information security in an organisation. An organisation can get certified, which means that an independent certification body has confirmed that information security has been implemented in the best way possible.
ISO 27001 has become a basis for legislatures for drawing up different regulations in the field of personal data protection, protection of confidential information, protection of information systems, management of operational risks in financial institutions, etc.