What is the authoritative standard in information security management?

ISO/IEC 27001.

ISO/IEC 27001 is an information security management system (ISMS) standard jointly issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides requirements and guidance for organizations to establish, implement, maintain and continuously improve an information security management system. The standard includes requirements for information security policy, organization, resource management, security controls and compliance evaluation. Its aim is to help organizations establish a comprehensive information security management system, protect the confidentiality, integrity and availability of information assets, prevent information security incidents, and respond and recover in time.