Choose your language or country
ISO 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of an organization.
ISO 27002 is an international standard used as a reference, with guidance on the best practices in implementing the requirements and controls of ISO 27001.
An organization can get a certification against ISO 27001, but not against ISO 27002.
ISO 27002:2022 has been released by ISO on Feb 15, 2022. The number of information security controls decrease from 114 controls to 93 controls, covered in 4 sections instead of 14 sections in the former version.
With 11 new controls, the new version of ISO 27002 didn’t delete any former controls, but some of them were merged.
An amendment to ISO 27001:2013 is in progress, which is expected to release in 2022.
You can click here to learn more about ISO 27001 and ISO 27002 and their recent changes.
After release of ISO 27001:2022 later, a transition period will be anticipated, for the ISO 27001:2013 certified organizations to update and implement their ISMS against the revised standard.