ISO/IEC 27002:2013 (ISO27002 ISO 27002) Code of Practice for InfoSec Controls


SKU: 4331
Publisher: ISO/IEC
Format: Hardcopy
Pages: 80
Published: 25 Sep 2013
Availability: In Stock
Format: PDF
Pages: 80
Published: 25 Sep 2013
Availability: Available to Order
The international Standard which supports the implementation of an Information Security Management System (ISMS) based on the requirements of ISO27001.
139,00 €


ISO/IEC 27002:2013 Information Technology – Security Techniques - Code of Practice for Information Security Controls

ISO 27002:2013 is the international Standard which supports the implementation of an Information Security Management System (ISMS) based on the requirements of ISO/IEC 27001:2013. It establishes the guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organisation.

Buy this Standard with its accompanying Standard, ISO/IEC 27001:2013, together in one package here.

What are the differences between 2005 and 2013 editions of ISO/IEC 27002?

ISO/IEC 27002:2013 has been updated to reflect the many changes made in ISO/IEC 27001, and is fully aligned with the 2013 edition of ISO/IEC 27001.

For example:

  • The number of controls in ISO/IEC 27002 has been changed to match the number in Annex A of ISO/IEC 27001. ISO/IEC 27002:2013 now contains 14 security control clauses (clauses 5 to 18 below) with 35 control objectives, each supported by at least one control, giving 114 controls in total.
  • As the structure of Annex A in ISO 27001 has been updated, so ISO 27002 has been updated to reflect the new structure.
  • The terminology used in the standard has been revised to be aligned with that in ISO 27001.

Updated outline for ISO 27002


  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Structure of this standard - Clauses and Control categories
  5. Information security policies - Management direction for information security
  6. Organisation of information security - Internal organisation and Mobile devices and teleworking
  7. Human resource security - Prior to employment, During employment, Termination and change of employment
  8. Asset management - Responsibility for assets, Information classification and Media handling
  9. Access control - Business requirements of access control, User access management, User responsibilities and System and application access control
  10. Cryptography - Cryptographic controls
  11. Physical and environmental security - Secure areas and Equipment
  12. Operations security - Operational procedures and responsibilities, Protection from malware, Backup, Logging and monitoring, Control of operational software, Technical vulnerability management and Information systems audit considerations
  13. Communication security - Network security management and Information transfer
  14. System acquisition, development and maintenance - Security requirements of information systems, Security in development and support processes and Test data
  15. Supplier relationships - Information security in supplier relationships and Supplier service delivery management
  16. Information security incident management - Management of information security incidents and improvements
  17. Information security aspects of business continuity management - Information security continuity and Redundancies
  18. Compliance - Compliance with legal and contractual requirements and Information security reviews



Please note that two Technical Corrigenda have been issued since ISO/IEC 27002:2013 was published. These can be downloaded free of charge directly from ISO via the following links:

Technical Corrigendum 1 (ISO/IEC 27002:2013/Cor.1:2014)

Technical Corrigendum 2 (ISO/IEC 27002:2013/Cor.2:2015)
