ISO 27002

Information technology - security techniques - code of practice for information security controls


What is ISO/IEC 27002?

ISO/IEC 27002, in its second edition published as ISO/IEC 27002:2013 Information Technology. Security Techniques. Code of practice for information security controls, is a guidance document used as a reference for selecting, implementing, and managing controls. It serves both organizations with an information security management system (ISMS) based on ISO/IEC 27001, for which it provides details on the controls listed in Annex A, and any organization with information security best practices in place that wishes to implement commonly accepted information security controls.

What you need to know about ISO/IEC 27002

The standard ISO/IEC 27002:2013 Information technology - Security techniques - Code of practice for information security controls has been revised. The new edition is expected to be published in February this year as ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection - Information security controls.

All organizations with an ISMS or information security good practices will have to map and update the controls they have in place against the new guidance in the updated ISO/IEC 27002, according to their organisational needs and context.



Why BSI

BSI has been at the forefront of ISO 27001 since it was developed; the standard was originally based on BS 7799, the first information security management system standard, developed by BSI in 1995. Since then, BSI has been involved in the development and updating process for the entire ISO 27000 family of standards.

BSI is committed to a secure digital world and helps build information resilience in organizations worldwide.