ISO 27001 sets out the necessities of information safety management system. ISO 27001 is a part of the ISO 27000 family of standards relating to information and cyber safety and proposals a inclusive set of controls, based on best practice in information security. Similar to the other management standards, it is suitable for organizations of all sizes. 70% of small businesses believe they are not a target for any data theft or misuse; it is a problem for either larger businesses or only those in the financial sector – this is simply not true. Any business holding data on individuals or companies can be an aim for fake, robbery, misuse or abuse, resulting in a long lasting loss of character and if a company’s systems are found negligent at keeping data secure, then it can result in prosecution.