
The Art of Service

ISO/IEC 27001



ISO/IEC 27001 is the international standard for Information Security Management.

It is intended to provide the foundation for third party audit, and is 'harmonized' with other management standards, such as ISO 9001 and ISO 20000.

The basic objective of the standard is to help establish and maintain an effective information security management system (ISMS), using a continual improvement approach. It implements OECD (Organization for Economic Cooperation and Development) principles governing the security of information and network

The standard covers all types of organizations (e.g. commercial enterprises, government agencies and non-profit organizations). It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall risk management processes. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. It does not mandate specific information security controls.

The adoption and implementation of ISO/IEC 27001 provides an organization with a number of benefits, including:

  • Assurance
  • Interoperability
  • Benchmarking
  • Increased awareness
  • Increased alignment

The contents of the standard are:

  • Management Responsibility
  • Internal Audits
  • ISMS Improvement
  • Annex A - Control objectives and controls
  • Annex B - OECD principles and this international standard
  • Annex C - Correspondence between ISO 9001, ISO 14001 and this standard