How ISO 27001 and ISO 27002 are related

Guest user   Created: Sep 16, 2016   Last commented: Sep 16, 2016

I am seeking information as to how ISO 27001 and 27002 are related. In order to become ISO 27001 compliant would my organization need to meet every facet of the ISO 27002 Implementation Guidance for each control or is the Implementation Guidance just that; recommended guidelines that I will choose to use and/or implement based on the scope of my organization and/or specific threats/vulnerabilities? This may be a very broad question but we are seeking to become better aligned with ISO 27001 and eventually become ISO certified as an organization. I thank you in advance for your time and look forward to hearing from you.
Antonio Jose Segovia Sep 16, 2016

Answer:
The relation between ISO 27001 and ISO 27002 is simple: ISO 27001 establishes the requirements for an Information Security Management System and includes Annex A with 114 security controls. ISO 27002 is a guide to best practices for the implementation of the 114 security controls of Annex A of ISO 27001.

Really, you only need to implement the security controls that are necessary after the risk analysis, and you will need ISO 27002 only if you need specific information about how to implement the security controls of Annex A of ISO 27001. This article may be interesting for you: “The basic logic of ISO 27001: How does information security work?” https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

And also this article: "ISO 27001 vs. ISO 27002" https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/

Regarding the threats/vulnerabilities, this article may also be interesting for you, because you can see a complete list of them: “Catalogue of threats & vulnerabilities” https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/

Finally, these materials will help you to learn more about ISO 27001:
- free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/