ISO/IEC 27002:2022 is a supporting standard to ISO/IEC 27001 that provides detailed implementation guidance for the security controls listed in Annex A of ISO/IEC 27001. Where ISO 27001 Annex A lists the controls an organization selects or excludes through its risk treatment and Statement of Applicability, ISO 27002 explains how to implement each one effectively.
The 2022 update modernized the standard to address current security challenges. It replaced the previous 14 clauses of 114 controls with a new structure of 93 controls (existing controls merged and 11 new ones added) grouped into four themes:
- Organizational (37 controls)
- People (8 controls)
- Physical (14 controls)
- Technological (34 controls)
Each control is presented with a control statement, its purpose, implementation guidance, and other information, together with a set of attributes (control type, information security properties, cybersecurity concepts, operational capabilities, and security domains) that let organizations filter and group controls to tailor their information security approach. Though not certifiable on its own, ISO 27002 is an essential tool for building and maintaining a strong Information Security Management System (ISMS).