Showing results for 
Search instead for 
Did you mean: 
No ratings
Archer Employee
Archer Employee

Update: Effective December 2022, ISO 27001:2022 and ISO 27002:2022 are now available.

ISO/IEC 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2013 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

ISO/IEC 27002 is an information security management system (ISMS) standard with the most recent version published in March 2022 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC 27002 provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organizations:

a) within the context of an information security management system (ISMS) based on ISO/IEC27001;

b) for implementing information security controls based on internationally recognized best practices;
c) for developing organization-specific information security management guidelines. 

Note: ISO/IEC 27001 and 27002 content is available as both Control Procedures that can be imported into the Primary Controls application and as an Authoritative Source.



This content is available in English only.



Mappings for the ISO 27001 and 27002 to the Archer Control Standard Library are available in the authoritative source content pack. 


Licensing Restrictions

The ISO 27001 and 27002 authoritative source content is available with the use of the Archer Policy Program Management use case, the Archer IT Policy Program Management use case, and/or the Archer Assessment & Authorization use case. 

This content requires a license and/or membership in good standing as required by the terms set forth by ISO. For more information about licensing, contact ANSI.


For Additional Support

To learn more about this content, please contact your Account Rep for additional details. To obtain this content or for technical support questions, please open a support case.

Was this article helpful? Yes No
Version history
Last update:
‎2022-12-19 02:27 PM
Updated by: