ISO/IEC 27001 is one of the world's most recognized standards for information security. The certification process of ISO/IEC 27001 is rigorous and comprehensive, which requires enterprises to establish and implement a complete management system in the confidentiality, integrity and availability of information assets.