Information technology — Security techniques — Information security management systems — Requirements (Accreditation Service for Certifying Bodies)
ISO 27001:2013 is the international standard for information security that sets out the specification for an information security management system (ISMS). The standard’s best-practice approach helps organizations manage their information security by addressing people and processes as well as technology. Independently accredited certification to the ISO 27001 Standard is recognized around the world as an indication that your ISMS is aligned with information security best practices. Part of the ISO 27000 series of information security standards, ISO 27001 is a framework that helps organizations “establish, implement, operate, monitor, review, maintain and continually improve an ISMS”.
ISO 27001 is the only auditable international standard that defines the requirements of an information security management system (ISMS). An ISMS is a set of policies, procedures, processes, and systems that manage information risks, such as cyber-attacks, hacks, data leaks, or theft.