ISO/IEC 27002:2022 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27002 has a close association with ISO 27001. Broadly speaking, it gives guidance on implementing an ISO 27001 ISMS.

ISO/IEC 27002 provides a reference set of information security, cyber security and privacy protection controls, including implementation guidance based on internationally recognised best practices.

While ISO 27002 is not a certifiable standard by itself, compliance with its information security, physical security, cyber security and privacy management guidelines brings your organisation one step closer to meeting ISO 27001 certification requirements.