Information technology - Security techniques - Information security management systems - Requirements

This International Standard covers all types of organizations (e. g. commercial enterprises, governmentagencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organizationaes overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.