ISO/IEC 27001:2005

The International Organization for Standardization/International Electrotechnical Commission Standard 27001 (ISO/IEC27001) is an auditable international standard that specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system within the context of the organization's overall business risks. It uses a process approach for protection of critical information.