With the rapid development of information technology，In particular, the advent of the Internet and the use of online transactions，Information security problems such as system breakdown, hacker intrusion, virus infection, web page rewriting, loss of customer information and leakage of company internal information have also appeared，It has a serious impact on the organization's management, survival and even national security。为此，The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have jointly issued the international standard ISO/IEC 27001 "Information Technology - Security Technology - Information Security Management System - Requirements".，Designed for all types of organizations，Including government, banking, telecommunications, research institutions, outsourcing service enterprises, software service enterprises, etc，Provide models for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system，It also stipulates the implementation requirements of safety control measures developed to meet the needs of different organizations or their departments。The ISO/IEC 27001 standard addresses information security in its broadest sense, providing the best business practice guidelines and principles for organizations to implement, maintain and manage information security, and can be used as a basis for third-party certification。China is equivalent to the use of GB/T 22080-2008 standard。

The scope includes public, commercial and product production。