ISO/IEC 27001 is a standard for an Information Security Management System (ISMS), designed to ensure that adequate and proportionate security controls are selected. The standard requires organizations to prepare risk assessment and risk treatment plans, define duties and responsibilities, establish business continuity plans and incident management procedures, and keep records of how these are carried out in practice. The organization should publish an information security policy covering all of these activities and should raise its personnel's awareness of information security and of the threats they face. Information security management is a living process in which the selected control objectives are measured and the suitability and performance of the controls are continuously monitored; it can only succeed with the active support of management and the participation of personnel.
An Information Security Management System helps you protect your information assets and gives confidence to the relevant parties, especially your customers. The standard takes a process approach to creating, implementing, operating, monitoring, reviewing, maintaining and improving your ISMS.
ISO/IEC 27001 is suitable for all organizations, large or small, from any country or industry in the world. This standard is particularly necessary in areas where the protection of information is of paramount importance, such as the finance, healthcare, government and IT sectors.
ISO/IEC 27001 is also essential for organizations that manage information on behalf of others, such as IT outsourcing companies, and can be used to reassure customers that their information is protected.
Benefits of an ISO 27001 System:
It allows the organization to protect its assets: it determines which controls and protection methods to establish and protects the assets by applying them.
It provides business continuity; even in the event of a disaster, work can continue.
It gains the trust of the relevant parties, especially its suppliers, since their information will be protected.
It provides high prestige.
Steps to Follow When Obtaining an ISO 27001 Certificate:
It starts with the classification of assets,
Evaluation of assets according to confidentiality, integrity and availability criteria,
Risk analysis,
Determining the controls to be applied according to the risk analysis outputs,
Creating documentation,
Applying the controls,
Internal audit,
Keeping records,
Management review,
It is completed with the certification process.