ISO/IEC 27001 is the international standard that defines the requirements for an Information Security Management System (ISMS). The standard was introduced to ensure adequate security controls were implemented in operating an organization.

The Benefits of ISMS

The principal objective is to help establish, develop, maintain and continually improve an effective information management system. It employs principles and controls to govern the security of information and network systems. This serves to minimize risk and ensures that security continues to fulfill necessary internal processes as well as customer and legal requirements.
The security controls are to implement confidentiality, and integrity and ensure working practices are in place to safeguard any data and information of ‘interested parties. Included in this are customers, employees, partners (suppliers), and the general public.

Organizations that manage without significant controls and protected systems are more vulnerable to fraud and viruses, security breaches, and lost data as critical information can be accessed without their permission.
The standard is particularly popular where information protection is critical, such as in the finance, health, public, and IT sectors (especially IT outsourcing companies).