ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management.
It works on a top-down, technology-neutral, risk-based approach.
The specification covers defining a security policy, defining the scope of the ISMS, conducting a risk assessment, managing the assessed risks, picking the control objectives that are to be implemented and preparing the statement of applicability.
It requires coordination between all sections of an organisation, enhances management responsibility, ensures continual improvement, conducts internal audits and undertakes corrective and preventive actions.