The ISO 27002 standard (formerly known as the ISO 17799 standard) is a code of practice for information security. It outlines hundreds of potential controls and control mechanisms, which may be implemented subject to the guidance provided within the ISO 27001 framework.
The standard establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization. The controls listed within the standard address the specific requirements identified through a formal risk assessment. The standard is also intended to provide guidance for the development of organizational security standards and effective security management practices.
The basis of the standard was originally a document published by the UK government, which became a standard in 1995, when it was re-published by BSI as BS7799. In 2000 it was again re-published, this time by ISO, as ISO 17799. A new version of this appeared in 2005, along with a new publication, ISO 27001. These two documents are intended to be used together, complementing each other.