ISO 27001 offers a framework for developing an Information Security Management System (ISMS) for an organization that wants to protect its information assets from all possible risks. Any type of an organization can refer to this framework and develop its own information security management system. Once all applicable requirements are addressed, the organization can get this information security management system certified from a third party certification body.