Cybersecurity is evolving — Strike Graph is leading the way.
Check out our newest resources.
Find answers to all your questions about security, compliance, and certification.
Find out why Strike Graph is the right choice for your organization. What can you expect?
Find out why Strike Graph is the right choice for your organization. What can you expect?
You’re probably already familiar with ISO 27001, which establishes a framework for how organizations should manage the security of their data via an Information Security Management System, or ISMS.
But what is ISO 27002?
Put simply, ISO 27002 provides guidance on the implementation of controls from ISO 27001 Annex A. Most recently—on February 15, 2022—ISO 27002: 2013 was updated to 27002: 2022.
The biggest differences include changes made to Annex A, the grouping of domains, and the introduction of new controls.
Let’s take a look at each of those now.
In the 2013 release, there were are 114 ISO 27001 Annex A controls divided into 14 categories:
In the 2022 release, however, the number of controls was decreased from 114 to 93 and are now grouped in 4 main domains:
The new controls released with 27002: 2022 include:
Whereas ISO 27001 only provides a brief description of each control in one or two sentences, ISO 27002 gives more detailed guidance, dedicating an average of one page per control. However, ISO 27002 makes no distinctions between the controls that actually apply to a particular business, which is why both ISO 27001 and ISO 27002 must be used in concert.
And ISO 27002 isn’t ISO 27001’s only supplementary standard:
Refer to ISO 27002 once you’ve planned your ISO 27001 and ISMS implementation and have identified the exact controls that you’ll be implementing. This way, you can leverage ISO 27002 to learn more about how each control works.
Remember, each control protects your organization’s valuable information, which is why it’s important to review ISO 27002 to learn how to best select the appropriate measures for your business based on the vulnerability, risk, and threat domain. By using ISO 27002 as a guide for identifying appropriate security controls within the process of implementing an ISMS, you’ll help ensure your organization’s selection, implementation, and management of controls is sound.
Last but not least, it’s important to note that ISO 27002 is a reference for selecting security controls, rather than a certification process in and of itself; ISO 27001 is the certified standard that ISO 27002 supports.
The security landscape is ever changing. Sign up for our newsletter to make sure you stay abreast of the latest regulations and requirements.
Strike Graph offers an easy, flexible security compliance solution that scales efficiently with your business needs — from SOC 2 to ISO 27001 to GDPR and beyond.
© 2024 Strike Graph, Inc. All Rights Reserved • Privacy Policy • Terms of Service
Find out why Strike Graph is the right choice for your organization. What can you expect?
Find out why Strike Graph is the right choice for your organization. What can you expect?