In February 2022, following several years of revisions, the new ISO/IEC 27002:2022-02 was published, replacing the former ISO/IEC 27002:2013 as well as the German version DIN EN ISO/IEC 27002:2017. ISO/IEC 27002 is the second most important standard after ISO/IEC 27001 when it comes to structured information security and the rollout of an ISMS at a company.
ISO/IEC 27002 is not normative, meaning that it is not itself part of the certification audit. It nevertheless carries great weight because it offers implementation guidance for the controls set forth in ISO/IEC 27001 – Annex A. These controls describe the technical and organisational measures that counteract existing threats to, and potential vulnerabilities in, a company's information security.
The new version of the ISO/IEC 27001:2013 certification standard is set for release in Q4 2022, which also marks the start of the transition phase. From the date of publication, companies have 24 months to successfully complete the audit according to the new standard.