Guest
ISO 27001 vs ISO 27002
Can you tell me what's the difference between 27001 and 27002? Which standard contains mandatory steps and which just contains best practice advice? How can you tell?
Expert
Rhand Leal
Aug 18, 2021
The main differences are:
- ISO 27001 is a certifiable standard that defines the requirements for an Information Security Management System (ISMS), as well as providing, in its Annex A, suggested security controls to be implemented according to the results of a risk assessment or legal obligations.
- ISO 27002 is a non-certifiable standard that provides details and guidance on the implementation of the controls from ISO 27001 Annex A.
- ISO 27002 is not mandatory for certification against ISO 27001.
These articles will provide you with a further explanation about ISO 27001 and ISO 27002:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
These materials will also help you regarding ISO 27001 and ISO 27002:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/