ISO/IEC 27001 is essential for all types of organisations such as commercial enterprises, government agencies, NGOs. It specifies the requirements for:

• establishing
• implementing
• operating
• monitoring
• reviewing
• maintaining
• improving

a documented Information Security Management System within the context of the organisation's overall business risks. It specifies requirements for the implementation of security controls tailored to the needs of individual organisations.