The ISO 27001 Information Security Management System (ISMS) standard provides a comprehensive set of controls comprising the best practices in information security.
ISO 27001 applies to information systems used by organizations in industry and commerce, including information processing technology in the area of networks and communications. Organizations complying with this standard should assess security risks, select controls and develop guidelines.
The ISO 27001 ISMS standard specifies various controls and requirements. The annexure of the standard carries a list of controls and their objectives. There are a total of 114 controls in 14 groups in ISO 27001:2013 (refer to Annexure A).