BS EN ISO/IEC 27002:2022

Information security, cybersecurity and privacy protection. Information security controls


What is BS EN ISO/IEC 27002 - Information security controls about?

BS EN ISO/IEC 27002 is the internationally recognized guidance document covering selecting, implementing, and managing controls for organizations who have - or who are in the process of establishing - an information security management system (ISMS) based on BS EN ISO/IEC 27001.

BS EN ISO/IEC 27002 ultimately provides recommendations that help businesses to strengthen their information security, which is vital in today's world where the number and sophistication of cyber-attacks are on the rise.

It has been developed to be used by any organization, of any size or sector, wanting to implement commonly accepted information security controls, such as threat intelligence and data leakage prevention.

It’s a supplementary document to BS EN ISO/IEC 27001 that helps users to identify and implement the information security controls that are most appropriate to their organization’s needs and which in turn can help strengthen the way in which information is protected.

What are the benefits of BS EN ISO/IEC 27002 - Information security controls?

By adopting the guidance in BS EN ISO/IEC 27002 and changing their processes to conform to its requirements, businesses can benefit from:

  • Identifying suitable and proportionate security controls within the process of setting up an ISMS
  • Achieving best practices in information security management
  • Meeting legal, statutory, regulatory, and contractual requirements in relation to information security
  • Strengthening risk management and reducing the likelihood of information security breaches
  • Increasing confidence in the organization’s ISMS

BS EN ISO/IEC 27002 contributes to UN Sustainable Development Goal 9 on industry, innovation, and infrastructure.

Who is BS EN ISO/IEC 27002 - Information security controls for?

BS EN ISO/IEC 27002 was developed specifically so that its guidance could be used by businesses of every size and sector, from multi-nationals to SMEs.

Users of this information security controls standard will typically be anyone with an interest in information security and risk management within their business, where activities such as the creation, collection, processing, storing, transmitting, and disposing of information take place.

Those who use this standard can include:

  • Chief information security officers (CISO)
  • Cyber security risk analysts/advisors
  • Information security consultants
  • Risk managers in compliance and information security

If your business handles sensitive employee or client data, you might also want to consider implementing BS EN ISO/IEC 27701. This document serves as an extension to BS EN ISO/IEC 27001 and BS EN ISO/IEC 27002 and can help a business manage its privacy risks with confidence.

What does BS EN ISO/IEC 27002 - Information security controls cover?

BS EN ISO/IEC 27002 provides recommended information security controls including guidance on how businesses can implement them into their processes. It is designed to be used by organizations:

  • Within the context of an ISMS based on BS EN ISO/IEC 27001
  • For implementing information security controls based on internationally recognized best practices
  • For developing their own information security management guidelines

What’s new about BS EN ISO/IEC 27002 - Information security controls?

BS EN ISO/IEC 27002:2022 is a revision of BS EN ISO/IEC 27002:2017. The key changes in BS EN ISO/IEC 27002:2022 are:

  • The phrase “code of practice” has been omitted to better reflect its purpose of being a reference set of information security controls
  • The number of security controls listed has decreased from 114 to 93, with some controls being removed as they no longer reflect best practices
  • Eleven new controls have been introduced in the latest version. These reflect the evolution of technologies and industrial practices, including threat intelligence, information security for use of cloud services, and data leakage prevention
  • The 2022 edition provides references to the 2013 edition control identifiers to better facilitate companies’ transition to the latest edition

Product Information

  • ISBN: 9780539037166
  • Publication Status: Current
  • Publication Date: 30/11/2022
  • Format: Paperback
  • Publisher: BSI
