An international standard for managing information security. It proves a company has a formal system (ISMS) to manage risks related to data security, involving everything from physical office security to how they code.