ISO/IEC 27001 defines the requirements for establishing an effective information security management system.
It provides a detailed framework of controls to be considered for applicability as part of the management system. The controls are split between organisational, people, physical and technological functions, and control types are categorised as preventive, detective or corrective. Together, this helps you to identify the areas of your organisation that hold the biggest information security risks.