The ISO 27001:2005 standard covers twelve areas:

• security policy
• organisation of information security
• asset management
• human resources security
• physical and environmental security
• communications and operations
• management
• access control
• information systems acquisition, development and maintenance
• information security incident management
• business continuity management
• compliance