The number of users of the ISO/IEC 27001 standard for information security is increasing continuously, as reflected in the growing number of organizations being certified by an independent certification body such as CIS.
ISO 27001 is relevant primarily because it offers a systematic and risk-based approach that makes information security risks visible and thus controllable. Digitization, complexity, increasing dependence on processes that handle information, and the simultaneous professionalization of organized crime are continuously increasing the importance of "secure" information processing. As a result, systematic approaches to risk management, such as those offered by ISO 27001, are becoming much more important.
In addition to the "classic" maintenance of confidentiality, availability and integrity of information, the topic of compliance has clearly moved into the focus of companies in this context. The associated issues of transparency, traceability and state of the art as well as liability minimization are key drivers for the implementation of an information security management system according to ISO 27001, as these topics are excellently addressed by the closed control loops of this international standard.