ISO/IEC 27000 outlines how to build and maintain an information security management system and serves as a baseline for certification. It originated as the British Standard BS7799, which had two parts describing control objectives and the controls to meet them, and how to set up a security program. ISO/IEC 27001 specifies the requirements for an information security management system against which an organization's compliance can be audited. ISO/IEC 27002 provides best practice recommendations for information security controls covering areas such as information security policies, asset management, and architecture.