Information security management – ISO standards

ISO’s latest information security management standard is the revised ISO/IEC 27002:2013 Information technology – Security techniques – Code of practice for information security controls. It provides new guidance for selecting controls to use within an Information Security Management System (ISMS) based on ISO 27001:2013.

ISO also recently published the revised ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements. It covers the latest requirements to establish, implement, maintain, and continually improve an ISMS.

Controls – ISO/IEC 27002

The revised ISO/IEC 27002 lets you compare your existing security policies and Statements of Applicability against new and revised controls and guidance. If you are implementing information security for the first time, it ensures you are following today’s best practice from the start.

The standard is based on the high-level structure that will be common to all new management system standards (including ISO/IEC 27001).

ISO/IEC 27002 can be used by organisations that intend to:

  • select controls within the process of implementing an ISMS based on ISO/IEC 27001
  • implement commonly accepted information security controls
  • develop their own information security management guidelines.

It can also be used as a guidance document for any organisation wishing to implement commonly accepted information security controls.

Systems – ISO/IEC 27001

ISO/IEC 27001 helps organisations to prepare for information security breaches and secure their information assets. This is vital in today’s world where cyber-attacks are on the rise and both large and small businesses are experiencing more security breaches. The updated standard helps organisations to deal with today’s risks including identity theft, risks related to mobile devices, and other online vulnerabilities.

Note: You can order international standards from, or call 0800 782 632 during business hours, or email. Members of Standards New Zealand receive a 20% discount on all NZS and AS/NZS standards, and a 10% discount on all international standards. Visit our membership page for more information.

There is an active New Zealand International Review Group (IRG) mirroring the work of ISO/IEC JTC 1 SC 27, which published ISO 27001 and 27002. For more information on the work of the NZ IRG, please email

Buy ISO/IEC 27002:2013
