What is ISO/IEC 27002?

BS EN ISO/IEC 27002:2022 is a revision of BS EN ISO/IEC 27002:2017. The key changes in BS EN ISO/IEC 27002:2022 are:

• The phrase “code of practice” has been omitted to reflect better its purpose of being a reference set of information security controls
• The number of security control listed has decreased from 114 to 93, with some controls being removed as they no longer reflect best practices.
• Eleven new controls have been introduced in the latest version. These reflect the evolvement in technologies and industrial practices including threat intelligence, information security for use of cloud services, and data leakage prevention.
• The 2022 edition provides references to the 2013 edition control identifiers to better facilitate companies’ transition to the latest edition

Why use BS EN ISO/IEC 27002:2022?

It provides a reference set of generic information security controls and guidance on their implementation. It’s a supplementary guide to ISO/IEC 27001 that helps users to identify and implement the information security controls that are most appropriate to their organization’s needs and which in turn can help strengthen the way in which information is protected.

How can BS EN ISO/IEC 27002 help your business?

• Identify suitable and proportionate security controls within the process of setting up an information security management system (ISMS)
• Achieve best practice in information security management
• Meet legal, statutory, regulatory and contractual requirements in relation to information security
• Strengthen risk management and reduce the likelihood of information security breaches
• Increase confidence in the organization’s ISMS
• Increase the overall robustness and resilience of ISMS and strengthen risk management
• Contribute to UN Sustainable Development Goal 9 on industry, innovation and infrastructure