The ISO / IEC 27002 is part of the family of ISO / IEC ISMS, the ISO / IEC 27000 is a standard on information security published by International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) as ISO / IEC 17799:2005 and subsequently renamed ISO / IEC 27002:2005 in July 2007, to follow the other rules of the ISO / IEC 27000.

Is defined Information technology - Security techniques - Code of practice for information security management. The current version is a revised version published by ISO / IEC in 2000, which copy word for word the British Standard (BS) 7799-1:1999.

The ISO / IEC 27002 provides the best (best practice) recommendations on the management of information security from those who are responsible for the creation, implementation or maintenance of a Safety Management System Information [(Information Security Management Systems ( ISMS)].

Information security is defined within the standard in the context of the CIA triad:

• the safeguard of the Confidentiality | Confidentiality (ensuring that information is accessible only to those who have been authorized access);
• Integrity | Integrity (safeguarding the accuracy and completeness of the information and methods of preparation);
• Availability | Availability (ensuring that authorized users can gain access to information and assets associated with these if required).