ISO/IEC 27001 and ISO/IEC 27002...

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi guys,

Can anyone explain the difference between ISO/IEC 27001 and ISO/IEC 27002 please?

is ...02 just a newer standard or are they 2 parts of the same qualification?


Also, is ISO/IEC 20000 related to the above or does it stand as a separate Service Management cert?

Any help would be greatly appreciated

Thanks
m

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

There are two possible roles for consultants: either they can advise the organisation on the changes to implement in order to comply with the standard, or else they can act as auditors to carry out the certification itself. The two roles are mutually exclusive, as an ISO 27001 consultant cannot subsequently certify an organisation that he or she has previously advised.

 

That's nice but goes in no way to answering the original question, asked over a year ago

To the OP, if they still care, read something like this to get an idea of why they are different

http://www.infosecisland.com/blogview/8055-ISO-27001-vs-ISO-27002.html