ISO 27001 vs 27002 - What's the difference?
What is the difference between ISO 27001 and ISO 27002? Are they related to each other or not?
ISO 27001 vs 27002

ISO 27001 establishes requirements. If an organisation wants to certify its Information Security Management System (ISMS), it needs to comply with all requirements in ISO 27001. On the other hand, ISO 27002 is a set of best practices that are not mandatory. That means that an organisation does not need to comply with ISO 27002, but can use it as inspiration to implement the requirements in ISO 27001.
For example, in ISO 27001 you have a control that requires the organisation to do backups, and in ISO 27002 you have the same control but more developed, saying that the backups should be done at planned intervals, that they should be tested, that you should back up data and software, etc. ISO 27002 is more complex and difficult to comply with, but it is not mandatory because, depending on the context and the business of the organisation, it could implement the control in another way. ISO 27001 establishes what you have to do, but not how. ISO 27002 describes how.