The ISO 27001 standard defines a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). It uses the Plan-Do-Check-Act model to achieve its objectives and helps companies meet their individual information security requirements and expectations. A company's conformance to the requirements of this standard can be assessed, and a successful assessment shows a strong commitment to managing IT security using appropriate processes.
While ISO 27001 is a young standard, it is already widely recognized, and other frameworks for IT governance such as Cobit 4.1 have aligned their relevant sections with ISO 27001. The ISO 27001 standard is one part of the ISO 27000 family, which is concerned with aspects of IT security. Implementation of ISO 27001 is today supported by ISO 27002, which contains common IT security controls, and by ISO 27005, which specifies a risk management approach; other supporting standards are under development.