The Recommendation handles information security according to the following division:
– the definition of information security as a whole;
– a presentation of general principles relating to information security using the Recommendation of the OECD as the basis;
– an examination of the guidelines of national information security as a background factor;
– the placement of information security in the management by results framework between the Ministry and the office;
– a description of the handling of information security as an internal steering process of an office including policy and instructions as well as monitoring and evaluation.