The ISO IEC 27002 standard is all about information. Since information
can exist in many forms, the ISO IEC 27002 standard takes a very broad
approach. In the context of this standard, the term information includes
at least the following: electronic files, paper documents, recordings,
and communications (including conversations and messages).

ISO IEC 27002 can be used by any organization that needs to
establish a comprehensive information security management
program or improve its current information security practices.

Updated on March 7, 2013. First published on December 22, 2005.