ISO 27001 is applicable to any organisation where the misuse, corruption, or loss of its business or customer information could result in major commercial prejudice.
Organisations involved in storage and warehousing, secure destruction, telecommunications, advertising, financial outsourcing and software development activities can adopt this standard.
Whilst modern communication mediums mean that most ISMS systems are focused on ICT, ISO 27001 is equally applicable to other forms of information, such as paper records, images, and even conversations.
This standard includes major requirements of Information Security characterized such as