Office hours · 09:00–18:00 IST info@abscerts.com
+91 96257 76771 +91 97925 86202 EN · 40+ countries

ISO Certifications

ISO 27002:2022 — Information Security Controls

The reference catalogue of information security controls. Organisations don't certify to ISO 27002 directly — they implement its controls and certify to ISO 27001.

Book a consultation
ISO 27002 information security controls reference
10-14 weeks Typical timeline to certificate
ISO Governing body / standard owner
Independent Accredited & globally recognised
What this covers
ISO 27002Security ControlsISO 27001Information Security

What ISO 27002 covers

ISO 27002 is the international reference catalogue of information security controls. The 2022 revision reorganised the controls into four themes — organisational, people, physical and technological — and updated them for modern threats. It provides detailed guidance on what each control is and how to implement it.

Crucially, ISO 27002 is not a certifiable standard on its own. You do not “get certified to ISO 27002.” Instead, organisations implement the relevant controls from ISO 27002 and achieve certification to ISO 27001, which is the certifiable information security management system standard. ISO 27002 is the toolbox; ISO 27001 is the certificate.

How ISO 27002 is used

In practice, ISO 27002 is the controls reference that sits behind an ISO 27001 programme:

  • ISO 27001 requires you to select and implement appropriate controls
  • ISO 27002 describes those controls in detail — purpose, guidance and implementation
  • During an ISO 27001 audit, ABS uses ISO 27002 as the reference for assessing how well each selected control is designed and operating

So if your goal is certifiable assurance over information security, the destination is ISO 27001 — and ISO 27002 is how you and the auditor reason about the controls along the way. It sits within the IT-security part of the ISO Certifications portfolio.

Timeline & process

Because certification is achieved through ISO 27001, the timeline follows that standard — typically around 10–14 weeks for an organisation with controls already in place. ABS can also run a focused gap assessment of your controls against ISO 27002 as preparation. Each engagement begins with a fixed-price scoping call and a proposal within 24 hours.

Common questions

Can you get certified to ISO 27002?

No. ISO 27002 is a reference catalogue of information security controls, not a certifiable management system. Organisations implement the relevant controls and then certify to ISO 27001. ABS uses ISO 27002 as the controls reference during ISO 27001 audits.

What is the difference between ISO 27001 and ISO 27002?

ISO 27001 sets the requirements for an information security management system and is the standard you get certified to. ISO 27002 is the detailed guidance on the controls themselves. You certify to ISO 27001 using ISO 27002 as the control reference.

More services

Related certifications

agile-transformation / 01 Agile coaching with a delivery team

Agile Coaching

Experienced coaches working alongside your teams and leaders to adopt agile ways of working — and to sustain them across the organisation.

Agile CoachingAgile TransformationScrumKanban
Get a quote
cmmi / 02 CMMi for Development process maturity improvement

CMMi for Development (CMMi-DEV)

Process maturity improvement for organisations that design and build products, software and systems — benchmarked against the CMMI Development view.

CMMiCMMi-DEVProcess ImprovementSoftware Development
Get a quote
industry-food-certifications / 03 HACCP food safety hazard analysis certification

HACCP Certification

Certification of a HACCP food safety system — the internationally recognised approach to identifying and controlling hazards across the food chain.

HACCPFood SafetyHazard AnalysisIndustry & Food
Get a quote

Get started

Ready to get certified?

Get a free, fixed-price quote within one business day. No obligation, no sales pressure, no follow-up spam — just a clear path to certification.

Book a 30-min consultation
24-hour response time Fixed price, multi-currency IAS / IAF accredited 40+ countries served

Before you go — let us help

Drop your details and we'll send a free certification roadmap tailored to your business. No spam, ever.

By submitting, you agree to ABS's privacy policy. We never share your details.