ISO/IEC 27040:2015提供了详细的技术指导，说明组织如何通过对数据存储安全的规划、设计、文档编制和实施采用经过充分验证和一致的方法来定义适当的风险缓解水平。存储安全适用于对存储信息的保护（安全），以及通过与存储相关的通信链路传输的信息的安全。存储安全包括设备和介质的安全、与设备和介质相关的管理活动的安全、应用程序和服务的安全，以及在设备和介质使用寿命期间和使用结束后与最终用户相关的安全。 存储安全与拥有、操作或使用数据存储设备、介质和网络的任何人都相关。这包括高级经理、存储产品和服务的收购方以及其他非技术性经理或用户，此外还包括对信息安全或存储安全、存储操作负有特定责任的经理和管理员，或负责组织的总体安全计划和安全策略制定的经理和行政人员。 它还与参与存储网络安全体系结构方面的规划、设计和实施的任何人员相关。 ISO/IEC 27040:2015提供了存储安全概念和相关定义的概述。它包括与典型存储场景和存储技术领域相关的威胁、设计和控制方面的指导。此外，它还提供了对其他国际标准和技术报告的参考，这些标准和报告阐述了可应用于存储安全的现有做法和技术。

ISO/IEC 27040:2015 provides detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. Storage security applies to the protection (security) of information where it is stored and to the security of the information being transferred across the communication links associated with storage. Storage security includes the security of devices and media, the security of management activities related to the devices and media, the security of applications and services, and security relevant to end-users during the lifetime of devices and media and after end of use. Storage security is relevant to anyone involved in owning, operating, or using data storage devices, media, and networks. This includes senior managers, acquirers of storage product and service, and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information security or storage security, storage operation, or who are responsible for an organization's overall security program and security policy development. It is also relevant to anyone involved in the planning, design, and implementation of the architectural aspects of storage network security. ISO/IEC 27040:2015 provides an overview of storage security concepts and related definitions. It includes guidance on the threat, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other International Standards and technical reports that address existing practices and techniques that can be applied to storage security.