ISO/IEC 27001 & ISO/IEC 27002: How they work together
June 5th, 2019 By Marketing
In any organisation, threats to data security should be taken seriously. Whilst you cannot prepare for all eventualities, implementing an information security management system (ISMS) is a good way of ensuring you are on top of your game when it comes to protecting confidential or sensitive data.
If you’ve come across ISO/IEC 27001 and ISO/IEC 27002 in your research, you might wonder what the difference between them is and whether they work in conjunction. In this blog, we outline each standard and how they work together to help you implement a security system you can trust.
What is ISO/IEC 27001?
ISO/IEC 27001 offers a comprehensive set of controls and outlines the requirements for an ISMS. The process of becoming certified concentrates on improving your information (including cyber) security standards so that you can be sure you have an ultra-safe and validated data security management system.
What is ISO/IEC 27002?
ISO/IEC 27002 is more of a code of practice for security controls. It outlines the best practices for those implementing the information security management system, providing guidelines on selecting, implementing, and managing controls considering the organisation’s risk environments.
You cannot get certified to it, as it is not a management standard; instead, it is intended for use by companies that are in the process of implementing ISO/IEC 27001. The ISO/IEC 27002 standard can also be used by organisations that are planning to implement their own, or other commonly accepted, information security management guidelines.
How do they work together?
If you think of ISO/IEC 27001 as the ‘what’ (what we must do), ISO/IEC 27002 is the ‘how’ (how we achieve it). ISO/IEC 27001 can be audited and certified against: you follow defined steps to comply with the standard. ISO/IEC 27002 outlines and offers guidance on applying the controls included in Annex A of ISO/IEC 27001.
The ISO/IEC 27001 certification will convey to your customers that you are keeping their data safe and secure, making you a trustworthy business. If you are considering implementing an information security management system, you should consider using both ISO/IEC 27001 and ISO/IEC 27002 as a reference framework.