ISO/IEC 27001:2013 is a Standard for the establishment of an Information Security Management System (ISMS). It focuses on the proper organization, regulation and setting of policies regarding the use of information systems and applications. However, it also introduces the concept of "Information Assets", which can be:
- external storage media,
- people (e.g. employees, partners) and
- anything else that transmits, receives, stores and/or processes information.

Through a risk-based methodology, it examines the criticality of each element and the corresponding level of control.
The Standard applies to Organizations of all types and sizes, including public and private Companies, Government Agencies and non-profit Organizations, that aim to secure the information they maintain and process.