It is worth reading ISO 27002 to see typical ways that a requirement of 27001 could be satisfied. To put it another way, ISO 27002 is implementation guidance for ISO 27001– it helps organisations consider what they need to put in place to meet the requirements of ISO 27001. ISO 27002 is the most well known of these. In full, whilst ISO 27001 compliance is commonly discussed, there are a number of other standards in the ISO27000 family, that help provide ISO 27001 implementation guidance. ISO 27002:2013 Code of practice for information security controls.ISO 27001:2013 Information security management systems - requirements.The formal titles of the two standards are as follows: To broadly generalise, ISO 27002 and a number of other standards in the same 27000 family, can be considered to be supporting documents to ISO 27001, giving guidance and advice on the implementation. It details what organisations must implement in order to have an ISMS that meets the requirements of ISO 27001. In short, ISO 27001 is the standard for implementing an Information Security Management System (ISMS) that companies are certified against.
