ISO 27001 and ISO 27002
Answer:
The main differences are:
- ISO 27001 is a certifiable standard that defines the requirements for an Information Security Management System (ISMS), as well as providing, in its Annex A, suggested security controls to be implemented according to the results of a risk assessment or legal obligations.
- ISO 27002 is a non-certifiable standard that provides details and guidance on the implementation of the controls from ISO 27001 Annex A.
- ISO 27002 is not mandatory for certification against ISO 27001.
These articles will provide you with further explanation about ISO 27001 and ISO 27002:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
Jun 14, 2019