ISO 27001 concerns international best practices that organizations follow for the secure management of information. It specifies measures, what effects they have and how to implement them.
The standard defines the desired best-practice methods for controlling (protecting) information in terms of confidentiality, integrity and availability, and it requires auditing and registration by a third-party certification body.
In today's IT-driven world, organizations are seeking to demonstrate some form of 'fit for purpose' assurance regarding their information security to their stakeholders, business partners and customers.