ISO 27002

From IDESG Wiki

Title: ISO 27002 (version 2.0) - Code of practice for information security management

Category: Security

Date: 2013

Creator: International Organization for Standards (ISO)


Description: ISO 27002 is based on ISO 27001 (which has already been nominated for adoption) and provides guidelines for the selection, management, and application of information security controls designed to meet an organization's security risk environment(s).

Privacy: Privacy Enhancing and Voluntary: ISO 27002 provides controls that, when properly applied and implemented, protect the confidentiality of data. While not specifically a “privacy” standard, the controls address access and encryption of sensitive information which could, and often does, include PII and other user data.

Security: Secure and Resilient: ISO 27002 supports the establishment of strong organizational information security based on internationally recognized controls and practices. It can serve as one of several possible foundations upon which consistent information security policies and practices can be built to support expansion of secure and resilient identity solutions.

Interoperability: Interoperable: ISO 27002 is internationally recognized and applied in multiple industries and sectors. It supports a common understanding of information security practices and controls—thereby enabling policy interoperability.