ISO/IEC 27001 is the international standard for information security. It sets out the specification for an effective ISMS (information security management system). ISO 27001's best-practice approach helps organizations manage their information security by addressing people, processes and technology.
The primary goal of the ISO 27001 standard is to guide organizations in creating, implementing, and enforcing an ISMS. This ISMS describes the controls, processes, and procedures that the company has put in place to ensure the confidentiality, integrity, and availability of the data in its possession.