Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

ISO 27001 vs ISO 27002

  Quote
Guest
Guest user Created:   Aug 18, 2021 Last commented:   Aug 18, 2021

ISO 27001 vs ISO 27002

Can you tell me what's the difference between 27001 and 27002? Which standard contains mandatory steps and which just contains best practice advice? How can you tell?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 18, 2021

The main differences are:

  • ISO 27001 is a certifiable standard that defines the requirements for an Information Security Management System (ISMS), as well as provide, on its Annex A, suggested security controls to be implemented, according to results of risk assessment or legal obligations.
  • ISO 27002 is a non-certifiable standard that provides details and guidance on the implementation of the controls from ISO 27001 Annex A.
  • ISO 27002 is not mandatory to be certified against ISO 27001.

These articles will provide you a further explanation about ISO 27001 and ISO 27002:

These materials will also help you regarding ISO 27001 and ISO 27002:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 18, 2021

Aug 18, 2021

Suggested Topics

Guest user Created:   Sep 08, 2018 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 vs ISO 27002

Guest user Created:   Dec 18, 2019 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 and ISO 27799

Guest user Created:   May 07, 2019 ISO 27001 & 22301
Replies: 1
0 0

ISO 27002