Glossary definition: ISO/IEC 27002:2022

ISO/IEC 27002:2022: A Comprehensive Guide to Data Security

ISO/IEC 27002:2022 is an international standard for information security management systems (ISMS) developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It gives organizations best-practice recommendations for managing information security and protecting their information assets. To that end it sets out a comprehensive set of control objectives and controls, including those related to information security management; risk assessment and management; asset management; access control; cryptography; physical and environmental security; operations security; communications security; system acquisition, development, and maintenance; and supplier relationships. The standard also provides guidance on implementing an ISMS, including the roles and responsibilities of personnel, the selection and implementation of security controls, and the monitoring and review of the ISMS.