ISO 27001 (published jointly with the IEC as ISO/IEC 27001) represents current ISO thinking on Information Security Management Systems.
ISO 27001 formalises an Information Security Management System (ISMS), a governance framework intended to bring information security under management control. Most organisations already have a number of information security controls in place. Without an ISMS, however, those controls tend to be disorganised and disjointed, having been implemented piecemeal in response to specific incidents or simply by convention. Such controls typically address only certain aspects of IT or data security, leaving non-IT information assets such as paperwork and proprietary knowledge less well protected on the whole.
The scope of ISO 27001 therefore extends beyond IT and information security to Business Continuity Planning and Physical Security, and the standard requires that information security roles and responsibilities be assigned to staff throughout the organisation rather than left to the IT function alone.