ISO/IEC 27001 (Information technology - Security techniques - Information security management system) is an international standard defining the requirements for an information security management system. The system focuses on the protection of information throughout the organization, its processes and the IT tools used.

The standard contains the following chapters:

  1. Subject of the standard
  2. Reference documents
  3. Terms and definitions
  4. The context of the organization
  5. Leadership role
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improving

The current annexes consist of a mandatory overview, Table A.1 (Objectives of the measure and individual measures), sometimes also known as the Statement of Applicability.