ISO 27001 is part of a family of documents in the ISO 2700x framework series. ISO 27001 sets out the controls according to which companies can certify their ISMS. It is first and foremost a governance framework that determines who is responsible for implementing, reviewing and improving the specific security measures included in the ISO 27001 standard.
The purpose of an information security management system (ISMS) is to regulate and firmly establish processes and responsibilities for managing IT security within an organization. The ISO 27001 framework sets out requirements for the implementation, operation and continuous improvement of an ISMS. The ISO 27001 framework, officially titled ISO/IEC 27001, is a standard for IT security procedures developed by the International Organization for Standardization (ISO) in collaboration with the International Electrotechnical Commission (IEC).