Recommends requirements, procedures and controls for information systems design, implementation and operation to safeguard information resources of organizations from external and internal security threats, either accidental or intended. It includes a comprehensive list of terms relating to information security. It is primarily intended as a reference document for personnel responsible for implementing and maintaining information security. It is based on BS 7799 and includes appendices with legislation relevant to Australia and New Zealand as well as guidelines and principles from the Organization for Economic Cooperation and Development (OECD).