International standard specifying the requirements for an information security management system, with Annex A defining 93 controls.