Gives guidance and commentary on the requirements specified in the information security management system (ISMS) standard ISO/IEC 27001:2013 and provides guidance on the complete 'life cycle' of ISMS activities required to establish, implement, monitor and continually improve a set of management controls and processes to achieve effective information security.