ISO 27001 defines how to organise information security in an
organisation. ISO 27001 is considered the foundation of information security
management.
ISO 27001 aims to provide an approach to implementing
information security in an organisation. An organisation can get certified,
which means that an independent certification body has confirmed that
information security has been implemented in the best way possible.
ISO 27001 has become a basis on which legislatures draw up
various regulations in the fields of personal data protection, protection of
confidential information, protection of information systems, management of
operational risks in financial institutions, etc.