Despite its value, ISO/IEC 27002 has limitations:
Let’s assume that ISO has a future project. In the ISO catalog, numbers are sequential. The 27000 family currently stops around 27021 (Guidelines for information security management system auditing). The next logical numbers (27022, 27023, etc.) have not yet been assigned.
If a future standard were to be called ISO 27022, it would likely cover a niche area of information security, such as:
However, as of today, such a document does not exist.
A: No, because the standard does not exist. Be wary of any website offering it—they are likely distributing malware or a fake document.
| Standard | Purpose | Certifiable? |
|----------|---------|---------------|
| ISO/IEC 27001 | ISMS requirements | Yes |
| ISO/IEC 27002 | Control implementation guidance | No |
| ISO/IEC 27005 | Risk management guidance | No |
| ISO/IEC 27032 | Cybersecurity guidelines | No |
Thus, 27002 complements rather than competes. A typical project downloads both the 27001 and 27002 PDFs.
Controls like “paper and print media” disposal were moved to general asset management.
A: It was likely a typo. Between 2015 and 2019, some early draft documents about cloud computing security were mistakenly labeled "27022" in informal discussions, but those were never ratified.