In the face of technological advances and the resulting growth in the volume of data collected by financial institutions, the threat of losing that data is increasing, and it seems necessary to employ effective security measures in the process of information management. The necessity of implementing information security management systems (ISMS) in all institutions processing personal data is reflected in national legislation. The requirements arising from contemporary hazards and legal provisions coincide with the requirements of the international standard ISO/IEC 27001, which concerns the design of an information security management system. This standard is most widely used by IT companies; however, the financial sector, which collects and processes huge amounts of personal data, is a significant recipient of it. Most of the companies certified against this standard come from the East Asia and Pacific region, dominated by Japan, and from Europe, where the United Kingdom is the leader. In Poland the use of ISO/IEC 27001 is growing, yet the financial institutions that fulfil its requirements are still in the minority. It seems that, from May 2018 onwards, national regulations imposing greater responsibility for the security of personal data on the institutions processing it will bring the above-mentioned standard into focus.