ISO 27001 Purpose and Use

The International Organization for Standardization (ISO) has developed the ISO 27001 Standard to be widely applicable for many purposes, including:

  • To assist organizations in formulating information security requirements and objectives;

  • To assist organizations in ensuring that security risks are cost effectively managed;

  • To assist organizations in complying with laws and regulations;

  • To provide organizations with a process framework for the implementation and management of controls to meet security objectives;

  • To assist in the definition of new information security management processes;

  • To assist in the identification and clarification of existing information security management processes;

  • For use by Management of organizations to determine the status of information security management activities;

  • For use by internal and external auditors of organizations to determine the degree of compliance with Information Security policies, directives and standards adopted by an organization;

  • For use by organizations in providing relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;

  • To assist in the implementation of business-enabling information security;

  • For use by organizations in providing relevant information about information security to internal and external stakeholders.