Getting the Balance Right

The relationship between ISO 27002 and ISO 27001

ISO/IEC 27002:2005 (ISO 27002) was previously known as ISO/IEC 17799:2005 but was renamed in 2007 to bring it in line with the other Standards within the ISO 27000 family.

ISO 27002 is entitled "Information Technology – Security Techniques – Code of Practice for Information Security Management" and provides guidance and best practice information on the implementation of each of the 133 controls within the Standard.

An organisation wishing to comply with ISO 27002 can select controls from the Standard and implement them based on the best practice contained within the guide.

ISO 27001 is entitled "Information Technology – Security Techniques – Information Security Management Systems Requirements" and provides a framework for those organisations that are seeking formal certification.

Certification is provided by an external assessment body that is accredited to certify organisations to ISO 27001.

Copyright © Ultima Risk Management, 2008. All Rights Reserved.
