MS ISO/IEC 27001 - The Information Security Management System
This standard was adopted to address the topic of information security management. The ISMS provides a framework to initiate, implement, maintain and manage information security within an organisation.
MS ISO/IEC 27002 - Code of Practice for Information Security Management
This is a standard code of practice which contains guidelines to be followed to set up and implement the ISMS. It an be regarded as a comprehensive catalogue of good security things to do.
Both Standards are on sale at the Mauritius Standards Bureau.