ISO/IEC 27002

ISO/IEC 27002 contains a list of measures that are considered "best practice" in the field of information security and instructions for their implementation in the organization.

ISO 27002 describes how organizations can protect their information and provides guidelines for best practices and control mechanisms for their implementation. It covers areas such as risk assessment, security policies, access control, incident response and compliance.

By implementing ISO 27002, an organization builds a reliable information security management system (ISMS) that meets its specific needs and requirements. This helps it protect information from unauthorized access, ensure data integrity and maintain the availability of critical systems and services. Compliance with ISO 27002 not only helps organizations protect their own information assets, but also instills confidence in their customers and stakeholders by demonstrating a commitment to maintaining strict security practices.


What is the difference between ISO/IEC 27001 and ISO/IEC 27002?

ISO/IEC 27001 provides requirements for companies that want to establish, implement, maintain and continually improve an information security management system.

ISO/IEC 27002 is an international standard used as a supporting tool for guiding the introduction of information security. It is an implementation standard based on recommendations and best practices: it contains a list of measures that are considered "best practice" in the field of information security and instructions for their implementation in the organization.

In this regard, the main difference is that organizations can obtain certification according to ISO/IEC 27001, while they cannot obtain certification according to ISO/IEC 27002.

ISO/IEC 27002 serves as supporting material in the implementation of ISO/IEC 27001 requirements and controls.