ISO 27001 is an international standard for information security management. It defines an information security management system (ISMS) framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes. The presentation covered the 11 domains of ISO 27001, including security policy, asset management, human resources security, access control, and compliance. Benefits of certification and lessons learned from the certification process were also discussed.