ISO/IEC 27001 promotes a holistic approach to information security: vetting people, policies and technology. An information security management system implemented according to this standard is a tool for riziko management, cyber-resilience and operational excellence. The GDPR applies to two t