The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27k' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

The series provides best practice recommendations on information security management - the management of information risks through information security controls - within the context of an overall Information security management system (ISMS), similar in design to management systems for quality assurance (the ISO 9000 series), environmental protection (the ISO 14000 series) and other management systems.

The series is deliberately broad in scope, covering more than just privacy, confidentiality and IT/technical/cybersecurity issues. It is applicable to organizations of all shapes and sizes. All organizations are encouraged to assess their information risks, then treat them (typically using information security controls) according to their needs, using the guidance and suggestions where relevant. Given the dynamic nature of information risk and security, the ISMS concept incorporates continuous feedback and improvement activities to respond to changes in the threats, vulnerabilities or impacts of incidents.

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure.

The security of sensitive information should be a top priority for any type of business. From client phone numbers to financial details, if this data is breached and lands in the wrong hands, it can have a very serious negative impact on your business. Ask yourself: if sensitive information is leaked, would it hurt your business? Put yourself in the clients’ shoes and determine how you would feel if your information was stolen by hackers. Would it affect your trust in that vendor? Would you do business with them again?

If you want to protect your sensitive information, then you must have an adequate information security program.

ISO 27001:2013 (ISO 27001) is one of the industry leading standards used to implement a strong Information Security Management System (ISMS). ISO 27001 will help your company determine where the most important risks are and implement a process to mitigate or reduce those risks. An ISMS gives you the freedom to grow and innovate, while remaining confident that your sensitive information remains protected.