ISO 27001 describes how to manage information security by defining a security governance system (an information security management system, ISMS) that allows an organization to assess, monitor and treat its risks.
The standard identifies specific security audits (logical, physical and procedural) aimed at treating known vulnerabilities and risks and, as a consequence, at driving the adoption of strategies and security policies suited to that organization.

The information security life cycle identified by ISO 27001 is an ongoing process, identifiable in four stages (PLAN-DO-CHECK-ACT), that allows information security to be managed, monitored and improved, as illustrated below:


The process provides a set of activities and deliverables, from the formalization of Security Policies, to the Risk Analysis of the information assets used to deliver business processes and the related Action Plans and Security Management treatment processes, through to the drafting of procedures and instructions.