Glossary term
ISO 27002
Also: ISO/IEC 27002:2022
Companion standard to ISO 27001 that fleshes out the 93 Annex A controls with implementation guidance. Not itself certifiable (certification is always against ISO 27001), but the practical handbook for implementing the controls.
ISO 27002:2022 groups the 93 controls into four themes: 37 organisational, 8 people, 14 physical and 34 technological. Each control is presented with an attribute table (control type, information security properties, cybersecurity concepts, operational capabilities, security domains), the control statement, its purpose, implementation guidance and other information.
Compared with the previous edition, ISO 27002:2013, the control set was significantly consolidated (114 controls in 14 domains merged down to 93 in 4 themes) and 11 new controls were added: threat intelligence, information security for use of cloud services, ICT readiness for business continuity, physical security monitoring, configuration management, information deletion, data masking, data leakage prevention, monitoring activities, web filtering and secure coding.
Application: ISO 27002 serves as the reference for ISMS implementation, for preparing the Statement of Applicability and audits, and for structuring vendor reviews.
Related terms
ISO 27001
International standard for information security management systems. Current version ISO/IEC 27001:20…
SOC 2 Type 2
Audit report by a US public accountant under AICPA SSAE 18 standard, confirming the operating effect…
IAM (Identity and Access Management)
The stack of systems that governs who has access to which systems under which conditions. IAM covers…
ICT Concentration Risk
Risk arising from dependence on a small number of or a single ICT third-party provider. DORA Art. 29…
IGA
Software category for identity governance: lifecycle management, role modelling, access recertificat…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
