About ISO 27001
ISO/IEC 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS). The design and implementation of the ISMS is driven by the organization’s needs and objectives, security requirements, processes employed and its size and structure. The ISMS and its supporting systems are expected to change over time, and it is expected that the implementation will be scaled in accordance with the needs of the organization. E.g. a simple situation requires a simple ISMS solution.