ISO/IEC 27001

INFORMATION SECURITY MANAGEMENT

Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not obligatory. Some organizations choose to implement the standard in order to benefit from the best practice it contains while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed. ISO does not perform certification.

source: https://www.iso.org/isoiec-27001-information-security.html