ISO/IEC 27002 is a guidance document: it serves as a reference for selecting controls when implementing an Information Security Management System (ISMS) based on ISO/IEC 27001, and as a guidebook for organizations that want to implement commonly accepted information security controls. The 2013 edition, ISO/IEC 27002:2013, had been under review by ISO/IEC JTC 1/SC 27 since 2018, and the new edition, ISO/IEC 27002:2022, was officially published on February 15, 2022. Some controls are unchanged, but the layout of the control set and a number of the controls themselves have changed significantly. Because Annex A of ISO/IEC 27001:2013 is designed to align with ISO/IEC 27002, ISO/IEC 27001 is also being revised; at the time of writing, the amendment is expected to be published in Q2 2022.
This article highlights the key changes in the 2022 edition, compared with the 2013 edition of ISO/IEC 27002.