Without a formal Information Security Management System (ISMS), organisations are left vulnerable and can struggle to achieve their business goals and protect their information assets.
ISO/IEC 27001 is the international standard that defines best practice for an ISMS. It is safe to say that this standard is the foundation of information security management, and it applies to any kind of organisation: private or government, for-profit or non-profit, small or large.
ISO/IEC 27001 provides a reliable framework for protecting against cyber crime, improving corporate governance, and recovering from accidents.
The latest update to the ISO 27001 standard was published in October 2013 and replaces ISO 27001:2005 as the pre-eminent international standard.