ISO/IEC 27001 is under revision, and ISO/IEC 27002:2022 – Information Security, Cybersecurity And Privacy Protection – Information Security Controls has been released. The latest revision of ISO/IEC 27002 was published in February 2022, and ISO/IEC 27001 will follow shortly thereafter. The International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) joint technical committee, ISO/IEC JTC 1, is changing the structure of the ISO/IEC 27001/27002 control framework after nearly 20 years.
What Is the Difference Between ISO/IEC 27001 and ISO/IEC 27002?
Organizations can achieve certification to ISO/IEC 27001 but not ISO/IEC 27002. ISO/IEC 27001 documents requirements for establishing, implementing, maintaining, and continually improving an information security management system, while ISO/IEC 27002 is designed for organizations to use as a reference for selecting controls and provides guidelines for information security management practices including the implementation and management of controls, taking into consideration the organization’s information security risk environment. Organizations can get certified to standards that contain requirements but cannot get certified to standards that provide guidance.