ISO/IEC 27001
Information Technology
One of the key resources in modern business is information. Financial data, data on how the organization works, customer contacts, employee data, product and technology data, contracts, records, and so on are only part of the sea of information available to a modern organization.
This international standard specifies requirements for the establishment, implementation, operation, monitoring, review, maintenance and improvement of a documented information security management system (ISMS) within the context of the organization's overall business risks. It specifies the requirements for the implementation of security management adapted to the needs of individual organizations or their parts.
Adopting an ISMS is a strategic decision for a company. The design and implementation of an ISMS is influenced by needs and goals, security requirements, the processes used, and the size and structure of the organization. The standard can be used to assess compliance by internal and external parties.
A successfully designed and implemented information security management system, which includes people, processes and the IT system, provides security and assurance to users and business partners that information security is on the list of business priorities and that it is handled professionally and responsibly. The standard treats information as an asset and provides basic guidelines for its preservation, safe management and use.
The application of ISO/IEC 27001 is especially intended for organizations that have internal and/or external information systems in their operations, hold confidential data, and depend on the information system for the functioning of their business processes, as well as for other organizations that want to adapt to the needs of today’s information security.