ISO/IEC 27002:2022 pdf download.Information security, cybersecurity and privacy protection — Information security controls.
ISO/IEC 27002 provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organizations:
a) within the context of an information security management system (ISMS) based on ISO/IEC 27001;
b) for implementing information security controls based on internationally recognized best practices;
c) for developing organization-specific information security management guidelines.
While this document offers guidance on a broad range of information security controls that are commonly applied In many different organizations, other documents In the ISO/IEC 27000 family provide complementary advice or requirements on other aspects of the overall process of managing information security.
Refer to ISO/IEC 27000 for a general introduction to both ISMS and the family of documents. ISO/IEC 27000 provides a glossary, defining most of the terms used throughout the ISO/IEC 27000 family of documents, and describes the scope and objectives for each member of the family.