WHAT IS THE DIFFERENCE BETWEEN ISO 27001 AND ISO 27002?

28th of May 2019 06:04:13 PM

 ISO 27001 is the standard for implementing an Information Security Management System (ISMS) that companies are certified against. It details what organisations must implement in order to have an ISMS that meets the requirements of ISO 27001. To broadly generalise, ISO 27002 and a number of other standards in the same 27000 family, can be considered to be supporting documents to ISO 27001, giving guidance and advice on the implementation.

The formal titles of the two standards are as follows:

·         ISO 27001:2013 Information security management systems — requirements

·         ISO 27002:2013 Code of practice for information security controls

 there are a number of other standards in the ISO27000 family, that help provide ISO 27001 implementation guidance. ISO 27002 is the most well known of these. To put it another way, ISO 27002 is implementation guidance for ISO 27001– it helps organisations consider what they need to put in place to meet the requirements of ISO 27001. It is worth reading ISO 27002 to see typical ways that a requirement of 27001 could be satisfied. An auditor may well show you the implementation guidance in 27002 if discussing how a gap in compliance might be addressed. Key points are:

·         A company cannot be certified to ISO 27002. It is only a guidance document. The company is certified against 27001.

·         Compliance with ISO 27002 may not mean much, as it would be very costly to comply to all the implementation guidance; alternatively picking and choosing which guidance to use without the risk assessment and management included with ISO 27001 makes it meaningless. Compliance with 27001 makes more sense, however this would be without certification from a Certification Body that would do regular audits and is audited themselves.

 

ISO 27002 compliance audits, or even offering ISO 27002 training, consider caution, since in all but perhaps niche training scenarios ISO 27001 would be the expected standard and it may indicate a lack of understanding.

Note that ISO 27002 is not the only useful accompaniment for organisations implementing ISO 27001. Some highlights from the 27000 family are listed below:

·         27003 discusses the design and implementation of the ISMS.

·         27004 gives guidelines to asses how well the ISMS implemented in 27001 is performing, which assists with the 27001 requirement that the performance of the ISMS be assessed (section 9).

·         27005 describes risk management methods. One of the core concepts of 27001 is identifying risks (section 6) and then matching controls to the risks faced.

·         27007 advises on how to satisfy the audit conditions of ISO 27001 (section 9.2).

·         27008 gives details on how to assess controls.

·         27009 gives specific industry sector advice on how to implement specific controls.

 
there are many other documents in this family, but the above are likely to be the ones most useful to the majority of organisations.

if you receive advice to obtain a copy of both 27001 and 27002, it is not two separate certification standards, but one certification standard and an accompanying guidance document.

1. What is ISO?
2. What is the purpose of the ISO?
3. Why ISO is required?
4. What are the 10 Benefit of ISO?
5. Does any ISO a improvement of a business?
6. What is Annex SL and why it is used?
7. What is the Annex SL System Structure?
8. What was the Vision behind Annex SL?
9. What benefit is there to harmonization?
10. Who Created Annex SL?
11. What is the total Cost involved in the ISO Certification Process?
12. Which is the first group that succeeded to reach an agreement with it?
13. How Annex SL Works?
14. What is Six Sigma?
15. What are the stages of Six Sigma? Explain it.
16. How many principals in Six Sigma?
17. How many belts in Six Sigma?
18. Explain The Quality Levels of Six Sigma?
19. What is master black belt?
20. What are the different kinds of variations used in Six Sigma?
21. What is the Need to do Risk Assessment & How long should risk assessments be kept?
22. What is Quality Control & their tools and techniques?
23. What is 5S and when & where was firstly it introduced?
24. Where can be 5S be Used?
25. What are the Benefits of 5S?
26. How does 5S help the business to grow?
27. What is PDCA cycle?
28. What is a “Gap Analysis"?
29. What are the benefits of PDCA cycle?
30. What are the process of gap analysis?
31. How do i become an ISO Certified Auditor
32. What is a “Zero Defect”?
33. What is cost of quality?
34. What are the Limitations of Zero defects?
35. What are the Categories Of Cost Of Quality?
36. What is supply Chain Management?
37. Why Is Supply Chain Management Important?
38. What are the major obstacles to successfully implementing supply chain management?
39. What is communication? What are the type of communication?
40. What is “Pareto Analysis
41. what are the basic elements of communication process?
42. How to use and construct the Pareto diagram?
43. What is conformity Assessment?
44. Why do we need conformity assessment?
45. Who does the assessments and what are the conformity assessment procedures?
46. What is a histogram and how to use a Histogram?
47. What is Juran’s Quality Trilogy?
48. What do you need for a histogram? And what are the seven simple steps for construction of Histogram.
49. What is the difference between HACCP and GAPs?
50. What is the difference between GMPs and GAPs?
51. What is the Database Management System (DBMS) and its advantages?
52. What are the types of database management system (DBMS)?
53. What is “Quality Culture”?
54. What are the Core Values and Beliefs of a Quality Culture?
55. What is accreditation? Where Accreditation is used and Type of Accreditation?
56. What is the goal of a business continuity plan?
57. How do I Become an ISO Auditor ?
58. How do you conduct a business impact analysis in Organization?
59. What is the role of technical expert in ISO audit?
60. What are six mandatory quality procedures?
61. What is the Role and Responsibilities of a Lead Auditor?
62. Competency Requirements for Auditors and Certification Personnel for Quality Management System
63. What is the main goal of information security?
64. Competency Requirements for Auditors and Certification Personnel for EMS
65. What is risk-based thinking and why has it been introduced into the standard?
66. What is this ISO 21401:2018 standard about?
67. What is the Role and Responsibilities of a ISO 9001:2015 Lead Auditor ?
68. What is the Role and Responsibilities of a ISO 14001:2015 Lead Auditor ?
69. . What is the Role and Responsibilities of a ISO ISO 45001:2018 Lead Auditor ?
70. What are the benefits of Implementing ISO 21401:2018 Standard?
71. What are the Benefits While implementing ISO 20121 on customers and organizations?
72. Which is the best ISO certification bodies in India?
73. What is ISO 26000?
74. What is Risk Management ISO 31000:2018?
75. What are the steps implementations of risk management process?
76. What are the major changes in the ISO 27001:2013 version?
77. How to Design a Risk management framework? What are the principles in improving an organizational risk management framework?
78. What is ISO/IEC 17025?
79. What is the relationship between ISO 17025 and ISO 9001?
80. What are the Benefits Of Following ISO 26000?
81. ISO 9001:2015 Lead Auditor benefits
82. What is the ISO 27000 Series?
83. What Does ISO 26000 Accomplish?
84. What is sustainable development?
85. How can ISO 37101 help promote sustainable development in communities?
86. Who can use ISO 37101?
87. What are the main elements of the ISO 31000 risk management process?
88. What are the main elements of the ISO 31000 risk management process?
89. What are the benefits of ISO/IEC 17025 Accreditation?
90. What is a management system?
91. Which types of Strategies occur in enhancing risk management? And what are the Benefits of ISO 31000 Risk Management?
92. : What is IATF 16949:2016-International Automotive Task Force?
93. What are Benefits While Implementing ISO 37101?
94. What does the ISO 37101 standard cover & Who is the standard for?
95. What is the ISO 8000 Standard?
96. What Are The Core Subjects Of Social Responsibility?
97. What is IT Service Management & Why your business needs ITSM ?
98. What are the main differences between in ISO 31000:2009 and ISO 31000:2018?
99. Why is IATF 16949 a good idea for your organization?
100. What Is Social Responsibility Reporting? Why is social responsibility important?
101. What aspects of data quality does ISO 8000 cover?
102. What is ISO 31000 designed to help organizations do?
103. What is Disaster Recovery?
104. What is ISO 26000:2010 about? How to Support for implementing ISO 26000?
105. What are the practical steps to becoming IATF 16949 certified?
106. Why is ISO 26000 important? What benefits can be achieved by implementing ISO 26000?
107. What is a disaster recovery plan?
108. What is ISO 15378 Certification?
109. What is ISO 10006:2017 & Advantage of ISO 10006?
110. Who can benefit from ISO 26000 and how?
111. What is ISO 30000:2009 Ships and marine technology – Ship recycling management systems?
112. What is ISO 30000:2009 Ships and marine technology – Ship recycling management systems?
113. What are the main changes to the new IATF 16949 standard?
114. What is ISO 20252?
115. What are the Application of ISO 15378 Certification?
116. What are the Benefits while Implementing of ISO 15378 Certification?
117. What does ISO 26000 contain? How did the ISO 26000 initiative come about?
118. What are the benefits of ISO 20252 Market and Social Research Certification?
119. What is ISO 10004:2018 Quality management - Customer satisfaction Management System?
120. What is ISO/TS 17582:2014 Quality management systems-Particular requirements for the application of ISO 9001:2008 for electoral organizations at all levels of government?
121. Which type of Mandatory documents and records required by ISO 27001:2013 ?
122. What is ISO 10012:2013 - Measurement management systems?
123. Which standard is the more appropriate for laboratories?
124. What is “responsibility and authority”?
125. Who developed ISO 26000?
126. What are the benefits of implementing ISO 10004:2018 in an organization?
127. What is the Auditor Competence Requirements?
128. What is ISO 18788?
129. How does an organization go about implementing ISO 26000? What are the benefits of Implementing ISO 26000 Standard?
130. What is ISO 16000-1:2004 - Indoor air -- Part 1: General aspects of sampling strategy?
131. What is ISO/TS 29001?
132. Why is Security Operations Management System important for you?
133. what-is-iso-22163:2017--railway-applications--quality-management-system?
134. What are the Benefits while Implementing ISO 22163:2017?
135. What Main Components of ISO 22163:2017?
136. How do internal and external auditors differ and how should they relate?
137. what are the benefits of ISO/TS 29001? AND why implement ISO/TS 29001?
138. What is ISO 37301Compliance management systems - Requirements with guidance for use?
139. What are the Differences between the Statement of Applicability (SoA) & Risk Treatment Plan (RTP) ?
140. Understanding The ISO 26000 Social Responsibility Standard? How Does The ISO 26000 Standard Function?.
141. What are the Steps for Towards Social Responsibility?
142. What is the importance of ISO 37301Compliance management systems - Requirements with guidance for use?
143. What implications may the affixing of the CE Marking have for the Manufacturer/Importer/Distributor?
144. WHAT IS THE DIFFERENCE BETWEEN ISO 27001 AND ISO 27002?
145. How many Controls are there in ISO 27001?
146. What Is IEC 62304?
147. What are the steps for Implementing a Compliance Management System in an organization?
148. What is CE Marking & CE Marking logo?
149. How does ISO/IEC 27001 standard relates to other management system standards (ISO 9001 and 14001)?
150. Is there any qualification required for ISO 27001 Professionals?
151. Is there any qualification required for ISO 27001 Professionals?
152. What is the difference between disaster recovery management (DRM) and business continuity management?
153. What is the Integrated Management Systems (IMS) & Advantages of Implementation for Integrated Management Systems?
154. What is required to ensure effective integrated management systems?
155. How do we engage our management, persuading them that the ISMS program has to be established?
156. What are the advantages of implementing ISO 14001:2015 Environmental Management System & What type of Companies can get certified to ISO 14001:2015?
157. What duration required man-years (or man-months) are needed to implement ISMS?
158. What is ISO 50001 Energy Management System & What initial steps can my company take to prepare for adopting ISO 50001?
159. How do we define the scope of our ISMS?
160. What is ISO 18091:2014 Standard?
161. What is ISO 18091:2014 Standard?
162. What are the 7 quality management principles?
163. What are the changes find in the company found when we are certified from ISO 27001:2013 Certification?
164. What do we need to do in preparation for a re-certification audit?
165. What are the difference between ISO/TS 16949 to IATF 16949?
166. What is BS 25999-1:2006 ?What are the benefits of BS 25999-1:2006?
167. WHAT IS ISO 10377:2013 & BENEFITS OF ISO 10377:2013 IMPLEMENTATION ?
168. What is ISO 44001:2017 - Collaborative business relationship management?
169. What do you meant by ISO/IEC 27010:2015?
170. What are the benefits of ISO 44001:2017 - Collaborative business relationship management?
171. What is an extended workbench and how can I integrate this into the certification procedure?
172. What is ISO 10393:2013- consumer product recalls?
173. WHY USE AN ISO 17025 ACCREDITED LABORATORY?
174. What is ISO 14298:2013 – Security Printing Process Management?
175. How does ISO 44001 collaborative business relationship management system work in the organization?
176. Is ISO 44001 certification is necessary for an organization?
177. What is 50001 Ready & What are the benefits of becoming 50001 Ready?
178. What is the difference between risk assessment and audit?
179. What is ISO 21101:2014 adventure tourism?
180. How to get certified to ISO 44001? What are the Steps for ISO 44001 Certification?
181. What are the benefits of ISO 14298:2013? What does the intergraf ISO 14298 certification offer?
182. How should have to management define organization’s risk appetite?
183. Which compliance obligations are relevant to ISO27001?
184. WHAT IS THE AS9100 QUALITY MANAGEMENT STANDARD?
185. What are the changes in ISO 44001 from BS 11000-1?
186. What is Occupational Health and Safety Management System (ISO 45001:2018) Standard?
187. Why replaced ISO 18001:2007 standard to ISO 45001:2018?
188.   How does the Internal Audit differ from an External Audit?
189. WHAT ARE THE KEY SUPPLEMENTARY REQUIREMENTS OF AS 9100 BEYOND THE ISO 9001 STANDARD ON WHICH IT IS BUILT?
190. How ISO 45001 is beneficial for my organization?
191. What are the benefits to implementing ISO 45001:2018?
192. What are the differences between OHSAS 18001 and ISO 45001?
193. How to Implement ISO 45001:2018 in my organization?
194. What do you understand by the term ‘Audit Evidence’?
195. How to make the transition from OHSAS 18001 to ISO 45001?
196.   What are the benefits of ISO 9001?
197. What is ISO 24526- Water efficiency management systems?
198. Is 44001 is applicable for all the organization?
199.   What are the impacts of ISO 9001?
200. What are the differences Between Continual Improvement and Continuous Improvement?
201. Why develop an ISO standard relating to water efficiency?
202. Who can use the ISO 24526?
203. What is ISO 24518:2015-Activities relating to drinking water and wastewater services -- Crisis management of water utilities?
204. Is there any guideline for ISO 31000:2018?
205. How to certify my company by ISO 45001 certification from the TNV Certification?
206. What can ISO 24526 do for my business?
207.   How are quality objectives related to risk management?
208. What's New in ISO 45001:2018 Standard?
209. What's New in ISO 45001:2018 Standard?
210. If an organization implements ISO 24526, is certification mandatory?
211. What is ISO 11137 - Sterilization of Health Care Products?
212. What is ISO 50501- ISO for Innovation Management?
213. How does the ISO Certification Body issue ISO certificate in India?
214. What is ISO 45001:2018 (OHSMS) Certification in India?
215. Why Annex SL is now renamed as Annex L?
216. How an ISO 31000 be helpful for an organization?
217. What Is The Published Date For ISO 45001:2018 (OHSMS) standard?
218. What is ISO 21001?
219. What are the opportunities for the lead auditor of ISO 9001?
220. What are the benefits of ISO 21001:2018?
221. Which type of organization can apply for ISO 29001- Petroleum, petrochemical and natural gas industries?
222. What New Requirements for Risk and opportunities as Per the ISO 45001:2018 Standard?
223. What New Requirements for Risk and opportunities as Per the ISO 45001:2018 Standard?
224. Is there any advantage of ISO/TS 29001:2010 for applying in an organization?
225. Is there any advantage of ISO/TS 29001:2010 for applying in an organization?
226. Is there any benefit of Implementing ISO 17025 for an organization?
227. What is ISO/IEC 20000-1 standard-Service Management System?
228. What is the Past story for International organization for standardization (ISO)?
229. What is ISO 19600 Compliance Management Systems?
230. What is ISO 19600 Compliance Management Systems?
231. Is there any difference between ISO/IEC 20000-1 and ITIL?
232. What is the relation between ISO 19600 and ISO 37001?
233. What are the main changes of ISO/IEC 20000-1:2018 from ISO/IEC 20000-1:2011?
234. What are the benefits of ISO 19600 compliance management system?
235. What is ISO 37120 “Sustainable development of communities — Indicators for city services and quality of life”?
236. What are Benefits of ISO 37001 Anti-Bribery standards on the organisation?
237. Why should we take this ISO 24526 Certification services?
238. What is the importance of ISO 24526 in your organization?
239. What is ISO 19600 compliance management systems and how can it help organizations to increase the effectiveness of their compliance management?
240. Is there any advantages/benefits of ISO 37120 Certification?
241. How can I get certification for ISO 37120?
242. What approach should companies take when considering ISO 19600?
243. How to implement ISO 37120 Certification in the organization?
244. How does our Organization benefit from taking this ISO 18788 Certification Services?
245. What are the important elements of ISO 18788 Security Operations Management System?
246. What is ISO 28000 Specification for security management systems for the supply chain?
247. What is difference between ISO Accreditation & Certification?
248. What is Risk based Thinking in ISO 9001:2015?
249. What are the Key Changes in ISO 22000:2018?
250. What is the Common Structure for ISO 22000-2018?
251. What are the RECOMMENDED STEPS FOR CERTIFIED CLIENT FOR THE TRANSITION of ISO 22000-2018
252. What is the FSMS Transition Audit and Audit Duration for transition of ISO 22000-2018?
253. What is the Key Concept of ISO 22000-2018?
254. List of the external origin documents for ISO Certification body?
255. How to apply for ISO 22163:2017?
256. How the Medical device can be classified?
257. What is Critical Control Points (CCPs)?
258. What is the difference between PRP’s (Prerequisite Programs), OPRP’s (Operational Prerequisite Programs) & CCP’s (Critical Control Points)?
259. What are the Principles of HACCP?
260. How Sterilization Processes are monitored?
261. What is ISO 22716? And what are its benefits?
262. What is Data Management?
263. What are the benefits of ISO 28000 supply chain management system?
264. What is PCI DSS?
265. What are the standards specific requirements for PCI DSS (Payment Card Industry Data Security Standard)
266. What are the types of sterilization Techniques and methods?
267. What are the benefits of data management?
268. What are the Benefits of data Governanance?
269. What is Data governance (DG)?
270. What is ISO 20700?
271. What is the Benefits of Sterilizing Medical Equipments?
272. What is a Quality Manual?
273. What is the difference between HACCP Verification and HACCP Validation?
274. What Your Cost of Quality Calculation is Missing
275. Cost Of Quality
276. 13485

User questions & answers

  • We were unable to any existing question.?

leave a reply

Categories

© 2013 - 2025 . All Rights Reserved.