ISO/IEC 27001 is the international standard that establishes requirements for an Information Security Management System (ISMS), which is a systematic approach for managing and protecting an organization's sensitive information. An ISMS ensures that all information assets, both digital and physical, are managed systematically to maintain confidentiality, integrity, and availability