This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
ANSI/INCITS/ISO/IEC 27001:2005 history
2005: ANSI/INCITS/ISO/IEC 27001:2005 Information technology - Security techniques - Information security management systems - Requirements