ISO/IEC 27001 is a standard setting out the necessities for an Information Security Management System (ISMS), the certificate, outlines the rules for defining, operating, reviewing, maintaining, , implementing, establishing, monitoring and improving a documented Information Security Management System within the context of an organization's overall business risks. The standard is designed to ensure the selection of satisfactory and proportionate security controls that care for information assets and give confidence to interested parties including an organization's customers. Every business trusts they have insurance to cover contingencies such as fraud and robbery, but they don’t understand they also owe a duty of care which if not exercised can lead to any insurance claim being declined. ISO 27001 supports organizations to treat data safety extremely, putting in systems and procedures to guard against the risk of security breaches or misuse of data. It works with your business and the kind of data it holds, whether that is bank account details, staff records, passwords, or customer confidential info.