BS EN ISO/IEC 27002:2017 Information technology. Security techniques. Code of practice for information security controls


Status: Current. Published: October 2013



What is this standard about?

This is the reference handbook for selecting controls for use within an Information Security Management System (ISMS) based on BS EN ISO/IEC 27001. It can also be used as a guidance document for any organization wishing to implement commonly accepted information security controls.

Who is this standard for?

Anyone planning to build, operate, audit or certify an ISMS based on BS EN ISO/IEC 27001:2017. It provides essential further detail on the controls checklist used in BS EN ISO/IEC 27001. 

It will also be useful to anyone with an interest in information security management, or a general interest in information security measures. 

Why should you use this standard? 

It carefully defines a wide range of potential security controls. Each potential control is followed by implementation guidance and other relevant information.

The standard uses a structured approach, whereby similar or related controls are grouped together into categories with a single control objective. These categories are then assigned to one of fourteen basic clauses, each of which addresses a particular aspect of information security.

NOTE: Although BS EN ISO/IEC 27002:2017 is an essential component of building an ISMS based on BS EN ISO/IEC 27001:2017, it can be used independently as a source of information security controls following other methodologies or even as a stand-alone guide to best practice information security.

What’s changed since the last update?

This second edition is a technical and structural revision which replaces the 2005 edition. It also implements three ISO/IEC corrigenda, from:

  • September 2014
  • November 2015, which modified Subclause 14.2.8
  • March 2017, which renumbered the standard from BS ISO/IEC 27001:2013 to BS EN ISO/IEC 27001:2017

Standard Number: BS EN ISO/IEC 27002:2017
Title: Information technology. Security techniques. Code of practice for information security controls
Publication Date: 01 October 2013
Cross References: ISO/IEC 27000, ISO/IEC Directives Part 2, ISO/IEC 11770-1, ISO/IEC 11770-2, ISO/IEC 11770-3, ISO 15489-1, ISO/IEC 20000-1, ISO/IEC 20000-2, ISO 22301, ISO 22313, ISO/IEC 27001, ISO/IEC 27005, ISO/IEC 27007, ISO/IEC TR 27008, ISO/IEC 27031, ISO/IEC 27033-1, ISO/IEC 27033-2, ISO/IEC 27033-3, ISO/IEC 27033-4, ISO/IEC 27033-5, ISO/IEC 27035, ISO/IEC 27036-1, ISO/IEC 27036-2, ISO/IEC 27036-3, ISO/IEC 27037, ISO/IEC 29100, ISO/IEC 29101, ISO 31000
International Relationships: EN ISO/IEC 27002:2017, ISO/IEC 27002
Amended By: Corrigendum, March 2017; Corrigendum, November 2015
Descriptors: Computer software, Management, Data security, Computer hardware, Access, Data processing, Information exchange, Data storage protection, Computers, Computer networks, Data transmission
Title in French: Technologies de l’information. Techniques de sécurité. Code de bonne pratique pour le management de la sécurité de l’information
Title in German: Informationstechnik. Sicherheitsverfahren. Leitfaden für Informationssicherheitsmaßnahmen
ISBN: 978 0 580 95520 4
File Size: 1.693 MB
