The official title of the standard is "Information technology — Security techniques — Information security management systems — Requirements"
ISO/IEC 27001:2013 has ten short clauses, plus a long annex, which cover:
1. Scope of the standard
2. How the document is referenced
3. Reuse of the terms and definitions in ISO/IEC 27000
4. Organizational context and stakeholders
5. Information security leadership and high-level support for policy
6. Planning an
information security management system; risk assessment; risk treatment
7. Supporting an information security management system
8. Making an information security management system operational
9. Reviewing the system's performance
10. Corrective action Annex A: List of
controls and their objectives
This structure mirrors other management standards such as ISO 22301 (business continuity management) and this helps organizations comply with multiple management systems standards if they wish. Annexes B and C of 27001:2005 have been removed.