ISO 27001 is an information security management system standard. A company operating under ISO 27001 has a management system in place that addresses all the required sections of the standard.
Put simply, it means the business has considered its information security risks, addressed controls on its information and, most importantly, made information security management the responsibility of senior management.
It is Sam's view that ISO 27001 is a valuable system and a useful attribute to look for in a partner company. It demonstrates that a business is thinking about the risks of information security. It also shows that a company has management that is willing to take responsibility for information security in relation to its business.
More information about what ISO 27001 really means is provided in my "What is ISO 27001:2005" article.
If you would like to discuss your ISO 27001 implementation or internal auditing, contact SRC for a free confidential consultation.