
Your glossary for risk and compliance

Helpful definitions of all of the terms you need to know to better manage risk and compliance.


What is ISO 27002?

ISO 27002 (formally ISO/IEC 27002) is a code of practice that gives implementation guidance for information security controls. It is the companion document to ISO 27001: where ISO 27001 specifies the requirements for an information security management system (ISMS) and lists the reference controls in its Annex A, ISO 27002 describes each of those controls in detail, including its purpose and how to implement it. The current edition, ISO/IEC 27002:2022, organizes 93 controls into four themes: organizational, people, physical and technological. Organizations use it, together with their information security risk assessment, to select, implement and operate the controls appropriate to their own risk environment.

The key difference is that ISO 27002 is guidance, not a set of requirements: it describes every control without distinguishing the ones that apply to a particular organization from the ones that do not. That selection is made under ISO 27001, where the organization justifies which controls are included or excluded in its Statement of Applicability. As a consequence, there is no certification against ISO 27002; an organization is certified against ISO 27001, and uses ISO 27002 as the reference for choosing and implementing the controls that certification audit will examine.
