There are a number of different standards for information security - examples are the ISO / IEC 27000 standard family or the IT-Grundschutz standards of the BSI (Bundesamt für Sicherheit in der Informationstechnik, Germany). These are used to establish and operate information security management systems (ISMS).

In order to maintain a well-functioning ISMS, these standards must always be adapted to the respective circumstances of organizations. Further standards are, for example: ISIS12, PCI DSS, VDA ISA catalog, NIST CSF, and many more.