NEW UPDATES TO ISO 27001 & 27002

What are the ISO 27001 and 27002 standards?

ISO 27001 is a globally recognised standard for information security management. It equips your business with a risk-based approach to information security that is internationally accepted as best practice.

One of the key ways it achieves this is through the introduction of an Information Security Management System (ISMS). An ISMS assists businesses in identifying, assessing, mitigating and managing the risks involved in handling corporate information and assets. ISO 27002 is a set of guidelines for the security controls referenced by ISO 27001 (listed in its Annex A), designed to help you select and implement those controls as part of an ISMS.

Achieving ISO 27001 certification demonstrates to your customers and partners that your business is committed to an international standard of information security. The certification helps increase your credibility and reputation amongst customers and is a strong differentiating factor against competitors.

What is the difference between ISO 27001 and 27002?

The key difference between ISO 27001 and ISO 27002 is that, while your business can be certified against ISO 27001, there is no certification against ISO 27002. ISO 27001 is the main standard, which sets out the requirements for an ISMS, whereas ISO 27002 is a supporting standard that exists to provide guidance and help you implement the security controls needed for ISO 27001 certification. Both are part of the same ISO/IEC 27000 family of standards.