ISO/IEC 27001 sets out the requirements for an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure; it covers people, processes and IT systems, and works by applying a risk management process. ISO/IEC 27002 gives guidelines for information security management best practices that help an organization build confidence in its inter-organizational activities and implement a suitable set of controls, including policies, processes, organizational structures, and software and hardware functions.