The ISO 27002:2022 standards offers a consolidated set of controls, revised down from 114 to 93, and spread across four control areas.
|Organisational Controls||People Controls|
|Physical Controls||Technological Controls|
Mapping ISO 27002:2022 to ISO 27002:2013
If you have implemented controls from the previous addition, ISO 27002:2013, or are operating an information security management system to ISO 27001:2013, the new controls can be mapped across.
Changes to Controls
- 58 Controls have been updated,
- 24 Controls have been merged or combined.
- 11 Controls are new.
Our ISO 27002 consultants can help you map the controls and advise on any changes required.
ISO 27002 in Tenders
Many tender documents use the ISO 27002 control set during the bid process, often just listing out each control for the vendor to respond to.
During the transition period, tenders are likely to contain a mix of the ISO 27002:2013 and ISO 27002:2022 formats and controls.
Our ISO 27002 consultants can help you navigate these tender documents and provide a valid response to prequalification questionnaires.
Information Security Management Systems
ISO 27002 is now designed to stand alone or as part of an information security management system.
Our ISO Consultants can help you implement a full ISMS using the controls of ISO 27002.
The requirement for an information security management system (ISMS)
Privacy Information Management