Skip to content
Log in

ISO/IEC 27002

Definition

A guidance standard (not certifiable) that provides implementation advice for each of the 93 controls in ISO 27001 Annex A. Updated in 2022 to align with the revised control structure. Organisations are certified against 27001; auditors use 27002 as a reference for assessing control implementation.

Related terms

Annex A
The normative annex to ISO/IEC 27001 that lists 93 information security controls across four themes: organisational (37 controls), people (8), physical (14),...
High-Level Structure (HLS)
The common clause framework mandated by ISO for all management system standards. Clauses 4 through 10 of ISO 27001 follow the same...
Information Security Management System (ISMS)
The set of policies, processes, procedures, and controls that an organisation establishes to manage information security risk. ISO 27001 specifies the requirements...
Risk owner
The individual or role accountable for ensuring a risk is treated appropriately and that the treatment remains effective. Owners should control the...
Statement of Applicability (SoA)
A mandatory document listing every ISO/IEC 27001 Annex A control with a statement of whether it is included or excluded, the justification...

Explained in

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account