ISO/IEC 27001 is the international standard that defines requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) across an organization.
Step 1: Scope of ISO/IEC 27001
ISO/IEC 27001 applies broadly to all information assets, including IT systems, business processes, and organizational data, regardless of industry.
Step 2: Contrast with ISA/IEC 62443
ISA/IEC 62443 focuses specifically on Industrial Automation and Control Systems (IACS), addressing OT-specific risks such as safety, availability, and real-time constraints. While 62443-2-1 aligns with ISMS principles, it is not a general-purpose ISMS standard.
Step 3: Complementary use
Organizations commonly use ISO/IEC 27001 for enterprise-wide information security and ISA/IEC 62443 for OT/IACS environments.
Thus, the standard focused on protecting sensitive information across all organizational systems via an ISMS is ISO/IEC 27001.