The ISO/IEC 27001:2013 outlines the guidelines for creating, executing, and upgrading an information security management system customized to the organization’s setting. The standard also covers criteria for assessing and addressing information security risks in a manner that fits the organization’s requirements.