What is ISO 27002:2022 ?
ISO/IEC 27002:2022 is the implémentation guide for information security controls. Complementary to ISO 27001, it provides detailed guidance for each of the 93 Annex A controls, organized into four themes: organizational, people, physical, and technological. Each control is described with its purpose, implémentation guidance, and attributes (control type, information security property, cybersecurity concept, operational capability, security domain).
Key Points
- 93 controls organized in 4 themes: organizational (37), people (8), physical (14), technological (34)
- Each control includes a purpose, implémentation guidance, and classification attributes
- 11 new controls in 2022: threat intelligence, cloud security, data masking, DLP, web filtering, secure coding
- Serves as the reference for building the Statement of Applicability (SoA) under ISO 27001
- Attribute-based approach enabling mapping to other frameworks (NIST, CIS, COBIT)
Why Zaxyr
Zaxyr natively integrates all 93 ISO 27002:2022 controls with their attributes. The platform automatically generates ISO 27001 mapping, identifies gaps between your existing controls and the standard's recommendations, and continuously collects implémentation evidence from your tools (SIEM, IAM, cloud). The SoA is kept up to date automatically.