- A specification (specifies requirements for implementing, operating, monitoring, reviewing, maintaining & improving a documented ISMS)
- Specifies the requirements for implementing security controls, customized to the needs of an individual organization or part thereof.
- Used as basis for certification
- ISO/IEC 27002:2005 (originally ISO/IEC 17799:2005)
- A code of practice for Information Security management
- Provides best practice guidance
- Use as required within your
- Not for certification
Both ISO 27001 and 27002 security control clauses are fully harmonized.