We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.

What Is ISO 27002?

By Alex Newth
Updated May 17, 2024
Our promise to you
About Mechanics is dedicated to creating trustworthy, high-quality content that always prioritizes transparency, integrity, and inclusivity above all else. Our ensure that our content creation and review process includes rigorous fact-checking, evidence-based, and continual updates to ensure accuracy and reliability.

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

Editorial Standards

At About Mechanics, we are committed to creating content that you can trust. Our editorial process is designed to ensure that every piece of content we publish is accurate, reliable, and informative.

Our team of experienced writers and editors follows a strict set of guidelines to ensure the highest quality content. We conduct thorough research, fact-check all information, and rely on credible sources to back up our claims. Our content is reviewed by subject-matter experts to ensure accuracy and clarity.

We believe in transparency and maintain editorial independence from our advertisers. Our team does not receive direct compensation from advertisers, allowing us to create unbiased content that prioritizes your interests.

The International Organization for Standardization (ISO) is a non-government entity that exists to make standards for mostly technical subjects. ISO 27002 is a set of standards and procedures that enforces information security and controls that allow a business to perform proper security. Until 2005, ISO 27002 went by two other names. This standard is largely complemented by ISO 27001, which details the managerial tasks such as risk assessment and reviewing security, rather than the control aspect of 27002.

Two standards came before the ISO 27002, each similar in topic and in control. The first incarnation was in 1995 and appeared in the United Kingdom (UK) as BS7799. After being cleaned up and modernized, it was published again by the ISO, this time as the ISO 17799. In 2005, after further edits, it was called ISO 27002. While each version is different, and successively highlights more modern problems and controls, all three incarnations deal with information security.

The 27002 standard highlights hundreds of ways to deal with information security and has many different chapters for the different aspects of securing information. Some chapters deal with human resources and their interaction with information, while others tell a business how to control access and business continuity with their security procedure. Information security usually implies information technology (IT), but ISO 27002 also is concerned with paper information and assets, though most of the standard is aimed at the IT department.

In its first release, the 27002 standard was meant to be a wide-sweeping standard for all institutions that needed information security. This means an enterprise, not-for-profit establishment, government agency and business would all follow the same standard. Future publications of this standard are focused on separating the standard for different sectors to be more efficient.

ISO 27002 goes into great detail about the controls and procedures involved in keeping information safe. Other standards, such as the complementary ISO 27001, only offer one or two sentences about the control. Instead, 27002 goes into control with great detail but offers little in the case of management. With the ISO 27001, all of the management aspects are specified.

Many people confuse the ISO 27001 and 27002, because they handle the same subjects in different ways. This means many people are left to wonder why the standard was separated into two parts. The reason is because, if both parts existed together, it would be too long for one publication.

About Mechanics is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Discussion Comments
About Mechanics, in your inbox

Our latest articles, guides, and more, delivered daily.

About Mechanics, in your inbox

Our latest articles, guides, and more, delivered daily.