ISO/IEC 27002 is designed for organizations to use as a reference for selecting controls within the process of implementing an Information Security Management System (ISMS) based on ISO/IEC 27001 or as a guidance document for organizations implementing commonly accepted information security controls. This standard is also intended for use in developing industry and organization specific information security management guidelines, taking into consideration their specific information security risk environment(s).