ISO/IEC 27000:2012 describes the overview and the vocabulary of information security management systems, which form the subject of the ISMS family of standards, and defines related terms and definitions.ISO/IEC 27000:2012 is applicable to all types and sizes of organisation (e.g. commercial enterprises, government agencies, not-for-profit organisations).