SusanReadMiller
Archer Employee

ISO/IEC 27001 is an information security management system (ISMS) standard published in October 2013 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Note: The 2013 version of 27001 is the most current version of the standard. Please refer to the ISO/IEC website for updates regarding when the newest version of ISO/IEC 27001 will be available.


ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2013 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

ISO/IEC 27002 is an information security management system (ISMS) standard with the most recent version published in March 2022 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC 27002 provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organizations:

a) within the context of an information security management system (ISMS) based on ISO/IEC 27001;

b) for implementing information security controls based on internationally recognized best practices;

c) for developing organization-specific information security management guidelines.


We have formatted the ISO/IEC 27002 content in two different ways that can be imported into Archer. First, it has been formatted as Control Procedure content that can be imported into the Master Controls application. ISO/IEC 27001 has been updated to be linked to the new version. Second, by customer request, we have also formatted it to be its own Authoritative Source if customers would like to use the content in that way.

 

Languages

This content is available in English only.

 

Mappings

Mappings for ISO 27001 and 27002 to the Archer Control Standard Library are available in the authoritative source content pack. This content includes questions associated with this authoritative source.

 

Licensing Restrictions

The ISO 27001 and 27002 authoritative source content is available with the use of the Archer Policy Program Management use case, the Archer IT Policy Program Management use case, and/or the Archer Assessment & Authorization use case. 

This content requires a license and/or membership in good standing as required by the terms set forth by ISO. For more information about licensing, contact ANSI.

 

For Additional Support

To learn more about this content, please contact your Account Rep for additional details. To obtain this content or for technical support questions, please open a support case.

Version history
Last update: 2022-07-01 09:51 AM