Is ISO 27002 mandatory?
Answer:
I think there are a couple of things that need to be clarified here:
1) The controls from ISO 27001 Annex A and from ISO 27002 are the same; what is different is that ISO 27002 provides detailed guidelines on how to implement controls, and ISO 27001 does not have those guidelines.
2) ISO 27002 is not a mandatory standard if you want to get certified against ISO 27001. Or, to be more precise, ISO 27001 does not mention that the control guidelines from ISO 27002 are mandatory. Therefore, the certification auditor cannot ask you to implement a particular control in the way that is described in ISO 27002.
3) However, you need to implement each control that you consider applicable, so unless you have a very good idea of how to implement that control, you can use ISO 27002 as a guideline.
See also: ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Sep 04, 2018