ISO 27002 is an information security standard from the International Organization for Standardization and the International Electrotechnical Commission. ISO 27002 is an annex to the ISO 27001 controls framework that gives you the foundation to identify, evaluate, and mitigate international information risks. It is a deeper dive into the implementation guidance for select controls covered in ISO 27001.
ISO 27002 is used as a supplementary standard to ISO 27001. It is designed to provide further implementation guidelines for information security controls. ISO 27002 guides organizations in the implementation of those controls by outlining what risks or situations they should cover.
Access Risk Cloud’s Controls Repository to download the ISO 27002 framework and quickly get started improving the effectiveness of your organization’s information security management system (ISMS).