ISO/IEC 27002
What is ISO/IEC 27002?
ISO/IEC 27002An international code of practice that provides detailed guidance and implementation advice for the information security controls listed in ISO/IEC 27001 Annex A.
ISO/IEC 27002 is a companion standard to ISO/IEC 27001 that provides detailed guidance on selecting, implementing, and managing information security controls. The 2022 edition reorganized controls into four thematic groups — organizational, people, physical, and technological — for a total of 93 controls. For each control, the standard explains the purpose, implementation guidance, and other relevant information. Unlike ISO/IEC 27001, ISO/IEC 27002 is not certifiable, but it is the practical reference that organizations and consultants use when designing their ISMS, writing security policies, or aligning with the controls in Annex A.
● Examples
- 01
A security architect using 27002 guidance to design access-management policies.
- 02
A consultant mapping 27002 controls to client security policies.
● Frequently asked questions
What is ISO/IEC 27002?
An international code of practice that provides detailed guidance and implementation advice for the information security controls listed in ISO/IEC 27001 Annex A. It belongs to the Compliance & Frameworks category of cybersecurity.
What does ISO/IEC 27002 mean?
An international code of practice that provides detailed guidance and implementation advice for the information security controls listed in ISO/IEC 27001 Annex A.
How do you defend against ISO/IEC 27002?
Defences for ISO/IEC 27002 typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for ISO/IEC 27002?
Common alternative names include: ISO 27002, 27002.