BS EN ISO/IEC 27002:2017 Information technology. Security techniques. Code of practice for information security controls

Status: Current. Published: October 2013



What is this standard about?

This is the reference handbook for selecting controls for use within an Information Security Management System (ISMS) based on BS EN ISO/IEC 27001. It can also be used as a guidance document for any organization wishing to implement commonly accepted information security controls.

Who is this standard for?

Anyone planning to build, operate, audit or certify an ISMS based on BS EN ISO/IEC 27001:2017. It provides essential further detail on the control list (Annex A) used in BS EN ISO/IEC 27001.

It will also be useful to anyone with an interest in information security management, or a general interest in information security measures.

Why should you use this standard?

It carefully defines a wide range of potential security controls. Each potential control is followed by implementation guidance and other relevant information.

The standard uses a structured approach, whereby similar or related controls are grouped together into categories with a single control objective. These categories are then assigned to one of fourteen basic clauses, each of which addresses a particular aspect of information security.

NOTE: Although BS EN ISO/IEC 27002:2017 is an essential component of building an ISMS based on BS EN ISO/IEC 27001:2017, it can be used independently as a source of information security controls for other methodologies, or as a stand-alone guide to information security best practice.

What’s changed since the last update?

This second edition is a technical and structural revision which replaces the 2005 edition. It also incorporates three corrigenda:

  • September 2014
  • November 2015, which modified Subclause 14.2.8
  • March 2017, which renumbered the standard from BS ISO/IEC 27002:2013 to BS EN ISO/IEC 27002:2017

Standard Number: BS EN ISO/IEC 27002:2017
Title: Information technology. Security techniques. Code of practice for information security controls
Publication Date: 01 October 2013
Normative References (required to achieve compliance with this standard): ISO/IEC 27000
Informative References (provided for information): ISO/IEC 27033-1, ISO/IEC 27033-3, ISO/IEC 11770-2, ISO 15489-1, ISO/IEC 27036-1, ISO/IEC 29101, ISO/IEC 11770-3, ISO/IEC 27036-2, ISO/IEC 27033-2, ISO/IEC 20000-1, ISO/IEC 27033-5, ISO/IEC 27037, ISO/IEC 27035, ISO 22313, ISO/IEC 27005, ISO/IEC 11770-1, ISO/IEC 27031, ISO/IEC 29100, ISO/IEC 27001, ISO/IEC 27007, ISO/IEC 27033-4, ISO/IEC Directives Part 2, ISO/IEC TR 27008, ISO 22301, ISO/IEC 27036-3, ISO/IEC 20000-2, ISO 31000:2018
International Relationships: ISO/IEC 27002, EN ISO/IEC 27002:2017
Amended By: Corrigendum, March 2017; Corrigendum, November 2015
Descriptors: Computer software, Management, Data security, Computer hardware, Access, Data processing, Information exchange, Data storage protection, Computers, Computer networks, Data transmission
Title in French: Technologies de l’information. Techniques de sécurité. Code de bonne pratique pour le management de la sécurité de l’information
Title in German: Informationstechnik. Sicherheitsverfahren. Leitfaden für Informationssicherheitsmaßnahmen
ISBN: 978 0 580 95520 4
File Size: 2.712 MB
