ISO/IEC 27002:2022 – Information security, cybersecurity and privacy protection – Information security controls
The international standard that supports the implementation of an ISMS (information security management system) based on the requirements of ISO 27001.
ISO 27002:2022 is an international standard designed for organisations of all types and sizes. It establishes the guidelines and general principles for initiating, implementing, maintaining and improving information security management in an organisation and supports the implementation of an ISMS based on the requirements of ISO 27001.
The 2022 edition of the Standard cancels and replaces the previous edition (ISO/IEC 27002:2013). It has been technically revised and incorporates the Technical Corrigenda ISO/IEC 27002:2013/Cor. 1:2014 and ISO/IEC 27002:2013/Cor. 2:2015.
The main changes are:
Introduction
Annex A – Using attributes
Annex B – Correspondence of ISO/IEC 27002:2022 with ISO/IEC 27002:2013