
Introduction to ISO/IEC 27002:2022 - Information security, cybersecurity and privacy protection — Information security controls

ISO/IEC 27002:2022, also known as ISO 27002 or simply 27002, is an international standard that provides guidelines and best practices for establishing, implementing, maintaining, and improving information security controls within an organization.

It is part of the ISO/IEC 27000 series, which offers a comprehensive framework for information security management.

ISO 27002 covers a wide range of security controls and addresses various aspects of information security, cybersecurity, and privacy protection. The standard provides guidance on the selection, implementation, and management of controls to protect the confidentiality, integrity, and availability of information assets.

Key areas covered by ISO 27002 include:

1. Information Security Policies: Establishing and maintaining information security policies, objectives, and a framework for managing security risks.

2. Organization of Information Security: Defining roles, responsibilities, and accountabilities for information security within the organization, including governance, management, and operational structures.

3. Human Resource Security: Addressing security aspects related to employees, contractors, and third-party personnel, including screening, awareness, training, and the management of information security incidents.

4. Asset Management: Identifying and managing information assets, including their ownership, classification, handling, and protection throughout their lifecycle.

5. Access Control: Implementing controls to ensure appropriate access to information resources, including user authentication, authorization, and user management.

6. Cryptography: Guidelines for the use of cryptographic mechanisms to protect the confidentiality, integrity, and authenticity of information.

7. Physical and Environmental Security: Measures to protect physical assets and ensure a secure environment for information processing, storage, and communication.

8. Operations Security: Controls related to the management of operational processes, including change management, system acquisition, development and maintenance, and the protection of information in networks and systems.

9. Communications Security: Ensuring the security of information during its transfer within and outside the organization, including network security, electronic messaging, and media handling.

10. Incident Management: Establishing an effective incident management capability to respond to and recover from information security incidents.

11. Business Continuity Management: Planning, implementing, and maintaining processes to ensure the continuity of information security in the event of disruptions or disasters.

12. Compliance: Ensuring compliance with relevant laws, regulations, contractual obligations, and security requirements through monitoring, audits, and reviews.

ISO 27002 provides a comprehensive set of controls that organizations can adopt and adapt to their specific needs and risk profiles. Compliance with ISO 27002 helps organizations establish a robust information security management system (ISMS) and demonstrate their commitment to protecting sensitive information, managing risks, and safeguarding customer trust.

It is important to note that ISO 27002 is not a certification standard but rather a guidance document. Organizations can seek certification against ISO 27001, which is the standard for establishing an ISMS, and use ISO 27002 as a reference for implementing the necessary controls.


Begin your ISO/IEC 27001 journey today with our industry-leading ISMS 27001 Scoping & Gap Assessment Workbook. Our comprehensive, in-depth ISMS 27001 Scoping & Gap Assessment Workbook will help organizations clearly define the scope of their Information Security Management System (ISMS) as required by ISO/IEC 27001.


Also, we offer industry-leading security documentation to help organizations develop all required Information Security Management System (ISMS) policies, procedures, programs, and plans in accordance with ISO/IEC 27001 & 27002.


Additional documentation offered includes a wide range of ISO-specific InfoSec, cybersecurity and data privacy documents, along with an industry-leading Risk Assessment Program, Statement of Applicability Workbook, Internal Audit Program, Continuous Monitoring Program, and much more.

Talk to MorganHill today and Get the Answers You Need

Scope: We'll help you define important scoping parameters.

Documentation: We'll help you develop all required policies and procedures.

Guidance: We'll guide you through the ISO/IEC process from start to finish.

One Price: Our fees for all services are fixed.

Wherever you are in North America, Europe, Africa, or Asia, MorganHill is ready to assist.

Expertise: Since 2006, we have been an industry leader for ISO/IEC.

Knowledge: We've worked with every ISO/IEC standard currently in print.

Industry: We've worked in every major industry/sector.


Four months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an accredited ISO ANAB body that we recommended to them.


Three months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an accredited ISO ANAB body that we recommended to them.