This document provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organizations: a) within the context of an information security management system (ISMS) based on ISO/IEC27001; b) for implementing information security controls based on internationally recognized best practices; c) for developing organization-specific information security management guidelines.

  • Code CYS EN ISO/IEC 27002:2022
  • Title Information security, cybersecurity and privacy protection - Information security controls (ISO/IEC 27002:2022)
  • ICS Code 35.030 IT Security
  • Status Published
  • Replaces CYS EN ISO/IEC 27002:2017
  • Publication Date 09.12.2022
  • Technical Committee CEN/CLC/JTC 13
  • Work Item Number JT013048