ISO/IEC 27001:2013
ISO/IEC 27001:2013 specifies requirements for establishing, implementing, maintaining, and improving an information security management system within the context of your organisation. It also includes requirements for the assessment and treatment of information security risks, tailored to the needs of the organisation. The standard's requirements are kept intentionally generic so that they apply to all organisations, regardless of industry or size.
ISO/IEC 27001:2013
ISO/IEC 27001:2005 also covers all types of organisations, from commercial enterprises to government agencies to nonprofit organisations. This standard specifies the requirements for establishing, implementing, operating, monitoring, maintaining and improving an information security management system within the context of your organisation's overall business risks. It also includes requirements for the implementation of security controls, customised to meet the needs of individual organisations.