The standard covers a wide range of associations (e.g. business undertakings, government organizations, non-benefits), all sizes (from smaller scale organizations to gigantic multinationals), and all ventures or markets (e.g. retail, saving money, resistance, social insurance, training and government). This is unmistakably a wide short.
ISO/IEC 27001 formally indicates an Information Security Management System (ISMS), a suite of exercises concerning the administration of data dangers (called 'data security dangers' in the standard). The ISMS is an all-encompassing administration structure through which the association recognizes, breaks down and addresses its data dangers.
ISO/IEC 27001 does not formally command particular data security controls since the controls that are required differ extraordinarily over the extensive variety of associations embracing the standard. The data security controls from ISO/IEC 27002 are noted in attach A to ISO/IEC 27001, rather like a menu.