ISO27002:2013 is the international Standard which supports the implementation of an Information Security Management System (ISMS) based on the requirements of ISO/IEC 27001:2013. It establishes the guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organisation.
Buy this Standard with its accompanying Standard, ISO/IEC 27001:2013, together in one package here.
ISO/IEC 27002:2013 has been updated to reflect the many changes which have taken effect in ISO/IEC 27001, and is fully aligned to the new 2013 version of ISO 27001.
For example:
Introduction
1. Scope
2. Normative references
3. Terms and definitions
4. Structure of this standard - Clauses and Control categories
5. Information security policies - Management direction for information security
6. Organization of information security - Internal organization and Mobile devices and teleworking
7. Human resource security - Prior to employment, During employment, Termination and change of employment
8. Asset management - Responsibility for assets, Information classification and Media handling
9. Access control - Business requirements of access control, User access management, User responsibilities and System and application access control
10. Cryptography - Cryptographic controls
11. Physical and environmental security - Secure areas and Equipment
12. Operations security - Operational procedures and responsibilities, Protection from malware, Backup, Logging and monitoring, Control of operational software, Technical vulnerability management and Information systems audit coordination
13. Communication security - Network security management and Information transfer
14. System acquisition, development and maintenance - Security requirements of information systems, Security in development and support processes and Test data
15. Supplier relationships - Information security in supplier relationships and Supplier service delivery management
16. Information security incident management - Management of information security incidents and improvements
17. Information security aspects of business continuity management - Information security continuity and Redundancies
18. Compliance - Compliance with legal and contractual requirements and Information security reviews
Please note: We supply the interchangeable British and international adoptions of ISO27002, which all contain exactly the same content.
Please note that two Technical Corrigenda have been issued since ISO/IEC 27002:2013 was published. These can be downloaded free of charge direct from ISO via the following links: