For organisations wishing to demonstrate that they have control over all information handled by them, developing a system to meet the requirements of ISO 27001 and then having it assessed by an independent 3rd party certification body demonstrates to both internal and external customers that all information is secure when handled by the organisation.