ISO/IEC 27001:2013 (usually shortened to ISO 27001:2013) is an information security standard that specifies the requirements for an information security management system (ISMS). It has since been superseded by ISO/IEC 27001:2022, but the 2013 edition described here is still widely referenced.
The official title of the standard is “Information technology — Security techniques — Information security management systems — Requirements”. It gives an organisation a single, risk-based management framework for information security; organisations that must satisfy several standards or regulations can use that ISMS as the common base and map the other requirements onto it, rather than running separate programmes for each.
Organisations that meet the standard can be certified compliant by an independent, accredited certification body after a successful formal compliance audit. Certification covers the management-system clauses (4 to 10); which Annex A controls are in scope is set out in the organisation's Statement of Applicability.
ISO 27001:2013 has ten short clauses, plus a long annex, which cover:
1. Scope: what the standard applies to
2. Normative references: the other documents needed to apply it (ISO/IEC 27000)
3. Terms and definitions: reuse of the vocabulary defined in ISO/IEC 27000
4. Context of the organisation: internal and external issues, interested parties, and the scope of the ISMS
5. Leadership: top-management commitment, the information security policy, and assigned roles and responsibilities
6. Planning: information security risk assessment and risk treatment, including the Statement of Applicability and measurable security objectives
7. Support: resources, competence, awareness, communication, and documented information
8. Operation: carrying out the planned risk assessments and risk treatments and controlling the resulting processes
9. Performance evaluation: monitoring and measurement, internal audit, and management review
10. Improvement: handling nonconformities, corrective action, and continual improvement
Annex A: the reference list of control objectives and controls (114 controls in 14 sections, A.5 to A.18) from which the risk treatment plan selects; any control excluded must be justified in the Statement of Applicability.