ISO/IEC 27001 - Applicable Industries
One of the most valuable characteristics of ISO 27001 is that unlike many other Information Security standards it can be used to provide a security framework in a wide range of organizations – from small, medium or large enterprises, and for most commercial and industrial market sectors.
It is commonly used for example in finance and insurance, telecommunications, healthcare, utilities, retail and manufacturing sectors, various service industries and transportation sectors, as well as government and many others.
ISO/IEC 27001:2013 specifies the processes to enable a business to establish, implement, review, monitor, manage and maintain an effective Information Security Management System (ISMS), which is the organization defined framework for information security.
A company may decide to seek formal certification of its ISMS for many reasons including:
- Contractual or regulatory requirements
- To meet customer preferences or requirements
- As an extension of a risk management program, and
- To help motivate staff by setting clear information security goals.