ISO 27002 Information Security Standard


ISO 27002:2013 Standard

Information Security

What is ISO 27002:2013?

ISO 27002 supplements ISO 27001 (the Information Security Management System, or ISMS) by providing a list of common operational and technical information security controls.

ISO 27001 provides the overarching governance or management solution.

ISO 27002 focuses on the actual controls.

What is in ISO 27002:2013?

ISO 27002:2013 includes:

  • Information security policies
  • Organization of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

How to use ISO 27002:2013?

ISO 27002:2013 links to the ISO 27001:2013 Statement of Applicability, which lists the controls the organisation will and will not use.

ISO 27002:2013 also provides additional detail for each control, to support delivery and assurance activities.

We can help you make use of ISO 27002:2013 to help your business.

To find out more, simply send us a message:
