The ISO 27001:2013 standard is focused on protecting the confidentiality, integrity and availability of data in the company. This is achieved by recognizing the potential pitfalls that can happen to data (risk assessment), and the definition of procedures that have to be followed to prevent such problems.