ISO 27001:2013 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system within an organization. It includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The standard provides a framework for best-practice information security management and helps organizations protect their information assets in a systematic and cost-effective way through the adoption of an ISMS.