ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements.
When it comes to keeping information assets secure, organizations can rely on the ISO/IEC 27000 family.
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
The term information security is generally based on information being considered as an asset which has a value requiring protection, for example, against the loss of availability, confidentiality and integrity.