What is the primary purpose of ISO 27001?

The primary purpose of ISO 27001 is to specify requirements for an information security management system (ISMS). This standard provides a systematic framework for managing sensitive company information, ensuring its confidentiality, integrity, and availability. By implementing an ISMS, organizations can identify and mitigate risks related to their information assets, thereby enhancing their security posture and complying with various legal and regulatory requirements.

While other choices address important management systems and practices, they do not align with the core focus of ISO 27001. Establishing quality management systems, outlining environmental management practices, and assessing employee performance in security are related to different standards and frameworks that do not specifically target information security management. Therefore, option B accurately reflects the intent and primary focus of ISO 27001, which is to create a robust framework for managing information security risks.
