The ISO 27001 standard defines how to organise information security in a business. ISO 27001 is considered the foundation of information security management.
ISO 27001 provides a methodology to implement information security in an organisation. Organisations are allowed to be certified, which implies that an independent certification body has confirmed that information security has been implemented in the best way possible.
The standard has become a basis for legislatures for drawing up different regulations in the field of personal data protection, protection of confidential information, protection of information systems, management of operational risks in financial institutions, etc.