ISO 27001 是指國際標準化組織（International Organization for Standardization）制定的《ISO/IEC 27001：資訊安全管理系統》標準，用於指導組織建立、實施、維護和持續改進資訊安全管理系統（Information Security Management System，ISMS）。

ISO 27001 的目標是確保組織的資訊資產得到適當的保護，包括機密性、完整性和可用性。該標準提供了一套全面的框架和方法，幫助組織識別、評估和管理與資訊安全相關的風險，並制定相應的控制措施。

ISO 27001 涵蓋了多個方面，包括資訊安全政策、組織內部的資訊安全管理、人員安全、資訊資產管理、存取控制、加密、供應商管理、風險評估和處理、事件管理等。通過實施 ISO 27001，組織可以建立一個系統化的方法，確保資訊安全風險得到適當控制，同時提高組織的資訊安全水平。

ISO 27001 refers to the standard "ISO/IEC 27001: Information Security Management System" developed by the International Organization for Standardization (ISO). It provides guidance for organizations to establish, implement, maintain, and continually improve an Information Security Management System (ISMS).

The goal of ISO 27001 is to ensure that an organization's information assets are appropriately protected, including confidentiality, integrity, and availability. The standard provides a comprehensive framework and methodology to assist organizations in identifying, assessing, and managing risks related to information security, and to establish corresponding control measures.

ISO 27001 covers various aspects, including information security policies, internal organization of information security management, personnel security, information asset management, access control, encryption, supplier management, risk assessment and treatment, incident management, and more. By implementing ISO 27001, organizations can establish a systematic approach to ensure proper control of information security risks and enhance their overall information security level.