The companion guidance to ISO/IEC 27001 that explains how to implement each information security control in detail.
ISO/IEC 27002 is a guidance standard, not a certifiable one. It expands on the controls referenced in Annex A of ISO/IEC 27001, describing the purpose of each control and how to apply it.
Organizations use it as an implementation handbook while ISO/IEC 27001 remains the standard they are audited against. The 2022 edition introduced control attributes and the four-theme structure now mirrored in Annex A.
Related frameworks
KaitoSec