ISO/IEC 27002

What is ISO 27002?

ISO/IEC 27002, the most recent version of which is ISO 27002:2013, is closely associated with ISO 27001. Broadly speaking, it gives guidance on the implementation of ISO 27001.

ISO 27002:2013 is a code of practice for information security management system (ISMS) controls and goes into much more detail than the Annex A controls of ISO 27001.

You cannot certify against ISO 27002 because it is not a management standard.

 

Related blog articles:

The ISO 27001:2013 Statement of Applicability (SoA): Simplified

Julia Heron is the ISMS Solutions Specialist for ISMS.online and is responsible for customer adoption and success.
