An international standard for managing information security. It provides a framework for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS) to protect sensitive data and minimize security risks.