An international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization’s overall business risks.