Clients who have purchased ISO/IEC 27002:2022 will automatically receive BS EN ISO/IEC 27002:2022 when it becomes available.
What is ISO/IEC 27002 - Information security controls about?
This international standard is in effect a reference handbook for choosing controls for use within an Information Security Management System (ISMS) based on BS EN ISO/IEC 27001. ISO/IEC 27002:2022 can also be used as a guidance document by any organization wanting to implement commonly accepted information security controls.
Who is ISO/IEC 27002 - Information security controls for?
Users will typically be information security professionals and management who create, collect, process, store, transmit and dispose of information in various forms including electronic, physical and verbal (e.g. conversations and presentations), such as:
- Chief information security officers (CISO)
- Cyber security risk analysts/advisors
- Information security consultants
- Risk managers in compliance and information security
What does ISO/IEC 27002 - Information security controls cover?
It provides a reference set of generic information security controls including implementation guidance and is designed to be used by organizations:
- Within the context of an ISMS based on BS EN ISO/IEC 27001
- For implementing information security controls based on internationally recognized best practices
- For developing their own information security management guidelines
Why should you use ISO/IEC 27002 - Information security controls?
This standard can help users:
- Identify suitable and proportionate security controls within the process of setting up an ISMS
- Achieve best practice in information security management
- Meet legal, statutory, regulatory and contractual requirements in relation to information security
- Strengthen risk management and reduce the likelihood of information security breaches
- Increase confidence in the organization’s ISMS
ISO/IEC 27002:2022 contributes to UN Sustainable Development Goal 9 on industry, innovation and infrastructure.
What’s new about ISO/IEC 27002 - Information security controls?
This is a revision of BS EN ISO/IEC 27002:2017. The key changes in ISO/IEC 27002:2022 are:- The phrase “Code of Practice” has been omitted to reflect better its purpose of being a reference set of information security controls
- It provides a comprehensive coverage of the varied ways in which information security controls can be described
- Some controls have been merged, some deleted, and several new ones added
- The 2021 edition provides references to the 2013 edition control identifiers to better facilitate companies’ transition to the latest edition