The Essential Framework for Safeguarding Sensitive Data
ISO/IEC 27002:2022 is an update to the previously published ISO/IEC 27002:2013 standard. This information security reference standard is used to support ISO 27001. It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27002 is closely associated with ISO 27001 as a supporting set of controls for an ISMS, together with guidance on how organizations may choose to implement them.
It is important to note that ISO 27002 is not a certifiable standard by itself. It acts as a point of reference for information security, cybersecurity and privacy protection controls, based on internationally recognized best practices, for organizations planning ISO 27001 certification.
The ISO 27002 controls are listed in Annex A of ISO/IEC 27001. This is the section most information security experts refer to when security controls are discussed. Note that while the outline of each control in Annex A is only a few sentences, ISO 27002 devotes an average of one page to each control. This is because the ISO 27002 standard must explain how each control works, what its objective is, and how it can be implemented.
Drastic changes were made to the structure of this ISMS framework in February 2022, replacing the previously published release from 2013. Despite the structural modifications, the document's purpose remains the same: providing a generic reference set of information security controls for use within the context of an ISO 27001 Information Security Management System (ISMS).
The ultimate impact of ISO 27002 is in its contribution to the stability of an organization's ISMS. A key difference is that ISO 27002 is not intended to determine which controls apply to a given organization and which do not. ISO 27002 is to be used as a reference for the selection of security controls rather than as a certification process.
With the consolidation of controls in ISO 27002, the number of security controls is now reduced to 93 from 114. Specifically, of the 93 controls, 58 were updated, 24 were merged and 11 new controls were created.
Topics that were already referenced across multiple controls now receive more focused detail and guidance in a control of their own in the latest version of ISO 27002.
The final major change introduces five attributes, each with its own set of values.
Now, when referencing Annex A, each security control is linked to one or more values from each attribute. Easier grouping and sorting are the result of this change. As an example, if an organization wishes to strengthen preventative controls, filtering on the #preventative value of the Control types attribute will present a list of preventative controls.
Annex B in this version provides a mapping back to ISO/IEC 27002:2013 and allows for an easy transition to ISO 27002's updated version.
When planning your ISO 27001 information security management system project, it is safe to assume that both ISO 27001 and ISO 27002 will be the cornerstones of your ISMS. Using the security controls included in the new ISO 27002 will align your ISMS with current industry best practices. The newly introduced controls may also strengthen integration with the frameworks, regulations or standards you already follow.
With the growing complexity of managing ISO 27000 series requirements, organizing information in a central location becomes increasingly important. When an auditor comes on site, they will assess management's oversight of its third-party service providers as well as the company's own controls. The majority of this oversight revolves around documentation and the ability to review it. Proving this to an auditor means providing them with a record management system that delivers accurate, fast access to the who, when and how of the organization's operational objectives.
Interfacing’s Enterprise Process Center® digital platform solution maintains a complete library of:
All of the above is held within a centralized Integrated Management System (IMS), allowing your organization to fast-track certification and simplify the creation, communication (new and changed) and updating of information security controls, processes and associated documentation.
Additionally, Interfacing's IMS also offers a Quality Management System for automating training on your different controls and audits (action item management/CAPA) as well as managing all your documentation, files, processes, procedures, roles, risks and controls.
We offer an entire library of content to jump start your program or use as a reference library for the operating controls used to validate the maturity of your current ISO 27001 documentation.
With over two decades of AI, Quality, Process, and Compliance software expertise, Interfacing continues to be a leader in the industry. To date, it has served over 500+ world-class enterprises and management consulting firms from all industries and sectors. We continue to provide digital, cloud and AI solutions that enable organizations to enhance, control and streamline their processes while easing the burden of regulatory compliance and quality management programs.
To explore further or discuss how Interfacing can assist your organization, please complete the form below.
• Gain real-time, comprehensive insights into your operations.
• Improve governance, efficiency, and compliance.
• Ensure seamless alignment with regulatory standards.
• Simplify quality management with automated workflows and monitoring.
• Streamline CAPA, supplier audits, training and related workflows.
• Turn documentation into actionable insights for Quality 4.0.
• Build custom, scalable applications swiftly.
• Reduce development time and cost.
• Adapt faster and stay agile in the face of evolving customer and business needs.
The AI-powered tools are designed to streamline operations, enhance compliance, and drive sustainable growth. Check out how AI can:
• Respond to employee inquiries
• Transform videos into processes
• Assess regulatory impact & process improvements
• Generate forms, processes, risks, regulations, KPIs & more
• Parse regulatory standards into requirements
Document, analyze, improve, digitize and monitor your business processes, risks, regulatory requirements and performance indicators within Interfacing's Digital Twin integrated management system, the Enterprise Process Center®!
More than 400+ world-class enterprises and management consulting firms