The international standard ISO/IEC 27001 "Information technology - Security techniques - Information security management systems - Requirements" specifies the requirements for establishing, implementing, maintaining and continuously improving a documented information security management system, taking into account the context of the organisation. In addition, the standard includes requirements for assessing and addressing information security risks according to the individual needs of the organisation. It is intended for all types of organisation (e.g. commercial enterprises, governmental organisations, non-profit organisations). The standard has also been published as a DIN standard and is part of the ISO/IEC 2700x family.

The standard specifies requirements for the implementation of suitable security mechanisms, which are to be adapted to the circumstances of the individual organisation. The German part of this international standardisation project is supervised by the DIN committee NIA-01-27 "IT Security Procedures".

ISO/IEC 27001:2005 was designed to ensure the selection of appropriate security mechanisms to protect all assets in the value chains (see scope of ISO/IEC 27001, ...organisation's overall business risk).