Revision of ISO/IEC 27002 - What to expect?

ISO/IEC 27002 Information security, cybersecurity and privacy protection — Overview of new controls


By Saju S Pillai


ISO 27002 is being revised: the old 2013 revision with 113 security controls is being transformed into a more modern standard with 93 controls and a better structure. The revision is currently in the form of a Final Draft International Standard (FDIS).


This FDIS was published by the International Organization for Standardization (ISO) in November 2021, while the final version of ISO 27002 is expected to be released in the first half of 2022 and will be the same as the FDIS ISO 27002 presented in this blog (or with only slight changes). Because ISO 27002 is a supporting standard for ISO 27001 implementation, it is expected that Annex A of ISO 27001 will be aligned with ISO 27002 during 2022.