info@rircert.com
+91 124 307 401, 4307 402, 4307 403

Certification Process

ISO 27001:2013 OVERVIEW



ISO 27001:2013, Information Security Management Systems, is applicable to all types of organizations, including commercial enterprises, government agencies and NGOs. It describes the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system. ISO 27001:2013 encompasses an organization's overall business risks and specifies requirements for the implementation of security controls.

KEY BENEFITS OF ISO 27001:2013

As your business grows, the security risk to your information assets also grows. ISO 27001:2013 describes the internationally accepted model for managing information security management systems (ISMS). A certified ISMS is a business tool that reduces risk to your information assets by:

Systematically examining your organization's security risks, including impacts, threats and vulnerabilities

Integrating your organization's information security/information technology programs

Providing one platform to manage security compliance with regulations, such as Sarbanes-Oxley (SOX) and the Department of Health and Human Services privacy rules (HIPAA)

Aligning information security with your overall business objectives