ISO/IEC 27002:2013 Apr 2026
In February 2022, a major update was released. While the 2013 version remains a common reference point for legacy systems, organizations are increasingly transitioning to the 2022 edition.

|  | ISO/IEC 27002:2013 | ISO/IEC 27002:2022 |
| --- | --- | --- |
|  | 114 controls | 93 controls (due to merging) |
| Organization | 14 domains | 4 themes: Organizational, People, Physical, Technological |
| Key Addition | Control Objectives | "Attributes" (tags for risk, type, etc.) |

New Domains
While you cannot "certify" against 27002 alone, it is the primary guide for passing ISO 27001 certification audits.
ISO/IEC 27002:2013 is an international standard that serves as a detailed "code of practice" for organizations looking to establish, implement, or maintain an Information Security Management System (ISMS). While ISO/IEC 27001 defines the requirements for an ISMS, ISO/IEC 27002 provides the how-to: the specific implementation guidance for the controls listed in Annex A of ISO 27001.
1. Structural Overview
Controls for before, during, and after employment.
Inventory of assets and acceptable use.
Securing physical areas and equipment.