
Expert Advice Community

ISO 27001 and ISO 27002

Guest user Created: Jun 14, 2019 Last commented: Jun 14, 2019

Can you break down the main differences between an ISO 27001 and an ISO 27002 certification? Is 27002 a higher standard than 27001? I want to be sure that if we are going through the effort to be certified, we are working towards the right goal for our organization.

Expert
Rhand Leal Jun 14, 2019

Answer:

The main differences are:
- ISO 27001 is a certifiable standard that defines the requirements for an Information Security Management System (ISMS), and also provides, in its Annex A, suggested security controls to be implemented according to the results of the risk assessment or legal obligations.
- ISO 27002 is a non-certifiable standard that provides details and guidance on the implementation of the controls from ISO 27001 Annex A.
- ISO 27002 is not mandatory for certification against ISO 27001.

These articles will provide you with further explanation about ISO 27001 and ISO 27002:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
