Standard

ISO/IEC 27002:2022

Information security, cybersecurity and privacy protection. Information security controls

Current

•

Published:

15 Feb 2022

Clients who have purchased ISO/IEC 27002:2022 will automatically receive BS EN ISO/IEC 27002:2022 when it becomes available.

A tracked changes version of this standard is available. ISO/IEC 27002:2022 TC is the latest version of the standard that includes the original standard content and recent changes. Shop now.

**What is ISO/IEC 27002 - Information security controls about?**

This international standard is in effect a reference handbook for choosing controls for use within an Information Security Management System (ISMS) based on ISO/IEC 27001. ISO/IEC 27002 can also be used as a guidance document by any organization wanting to implement commonly accepted information security controls.

**Who is ISO/IEC 27002 - Information security controls for?**

Users will typically be information security professionals and management who create, collect, process, store, transmit and dispose of information in various forms including electronic, physical, and verbal (e.g. conversations and presentations), such as:

Chief information security officers (CISO)
Cyber security risk analysts/advisors
Information security consultants
Risk managers in compliance and information security

**What does ISO/IEC 27002 - Information security controls cover?**

It provides a reference set of generic information security controls including implementation guidance and is designed to be used by organizations:

Within the context of an ISMS based on ISO/IEC 27001
For implementing information security controls based on internationally recognized best practices
For developing their own information security management guidelines

**Why should you use ISO/IEC 27002 - Information security controls?**

ISO/IEC 27002 can help users:

Identify suitable and proportionate security controls within the process of setting up an ISMS
Achieve best practices in information security management
Meet legal, statutory, regulatory, and contractual requirements in relation to information security
Strengthen risk management and reduce the likelihood of information security breaches
Increase confidence in the organization’s ISMS

ISO/IEC 27002 contributes to UN Sustainable Development Goal 9 on industry, innovation, and infrastructure.

**What’s new about ISO/IEC 27002 - Information security controls?**

ISO/IEC 27002:2022 is a revision of BS EN ISO/IEC 27002:2017. The key changes in ISO/IEC 27002:2022 are:

The phrase “Code of Practice” has been omitted to reflect better its purpose of being a reference set of information security controls
It provides a comprehensive coverage of the varied ways in which information security controls can be described
Some controls have been merged, some deleted, and several new ones added
The 2022 edition provides references to the 2013 edition control identifiers to better facilitate companies’ transition to the latest edition

Product Details

Descriptors

—

ICS Codes

35.030 IT Security

35.040 Information coding

Committee

IST/33/1

International relationships

—

ISBN

—

Publisher

ISO, IEC