Information security is a hot topic these days. Starting with the General Data Protection Regulation (or GDPR) in Europe, the rules around data protection have been tightened. More and more organizations are choosing to structure their information security based on ISO 27001. It is the most popular standard for information security worldwide.
The ISO 27001 standard describes how information can be secured through processes. The standard also sets requirements for establishing, implementing, monitoring, assessing, maintaining and improving a documented management system. In the case of this standard, that system is called an ISMS (Information Security Management System). This includes periodically performing a risk analysis to remove risks related to information security.
In addition to information security risks and awareness, ISO 27001 also addresses, for example, reporting and handling security incidents, business continuity management and supplier performance with respect to information security.