ISO 27001:2013 ISMS is a standard responsible for Information Security management System published in October 2005 by International Organization of Standardization and the International Electrotechnical Commission . It legally defines a management system that is meant for information security under comprehensive management control.Organizations that claim to have adopted ISO/IEC 27001 can therefore be formally audited and certified compliant with the standard.
Technical security controls such as antivirus and firewalls are not normally audited in ISO/IEC 27001 certification auditsand its is is essentially presumed that the organization have acquired all mandatory information security controls since the overall ISMS is in place and is deemed adequate by satisfying the requirements of ISO/IEC 27001.