{"id":12450,"date":"2026-02-11T23:14:29","date_gmt":"2026-02-11T23:14:29","guid":{"rendered":"https:\/\/gcc-cert.com\/?p=12450"},"modified":"2026-02-26T21:56:17","modified_gmt":"2026-02-26T21:56:17","slug":"iso-27001-vs-iso-27002-information-security","status":"publish","type":"post","link":"https:\/\/gcc-cert.com\/en\/blog\/iso-27001-vs-iso-27002-information-security\/","title":{"rendered":"The Difference Between ISO 27001 and ISO 27002: A Comprehensive Guide to Understanding Information Security Standards"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"12450\" class=\"elementor elementor-12450 elementor-12449\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-000c719 e-flex e-con-boxed rt-default-class e-con e-parent\" data-id=\"000c719\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-66885b3 rt-default-class elementor-widget elementor-widget-text-editor\" data-id=\"66885b3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<blockquote><h2 data-start=\"664\" data-end=\"674\">Introduction<\/h2><p data-path-to-node=\"6\">Data is the new oil in the digital age, and protecting it is no longer a luxury but a strategic necessity. Many professionals find it confusing to understand the <b data-path-to-node=\"6\" data-index-in-node=\"146\">difference between ISO 27001 and ISO 27002<\/b>, and how each complements the other. While one focuses on &#8220;what&#8221; we should do to build a security system, the other focuses on &#8220;how&#8221; to technically implement it.  <\/p><p data-path-to-node=\"7\">In this article, we will delve deep into the details of these two standards, and show you how you can use them together to secure your company&#8217;s information assets and gain international recognition. Whether you are an IT manager or a business owner, you will find the roadmap you need here.    <\/p><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fb55b33 rt-default-class elementor-widget elementor-widget-text-editor\" data-id=\"fb55b33\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<h2 data-path-to-node=\"13\">Overview of Information Security and ISO Standards<\/h2><p data-path-to-node=\"14\">With the increasing complexity of cyberattacks, organizations need a unified and reliable framework. The International Organization for Standardization (ISO) plays a pivotal role by providing the ISO\/IEC 27000 family of standards.  <\/p><p data-path-to-node=\"15\">Why Do Companies Need These Standards?<\/p><ul data-path-to-node=\"16\"><li><p data-path-to-node=\"16,0,0\"><b data-path-to-node=\"16,0,0\" data-index-in-node=\"0\">Building Trust:<\/b> Customers are reassured when they know their data is managed according to a global standard.<\/p><\/li><li><p data-path-to-node=\"16,1,0\"><b data-path-to-node=\"16,1,0\" data-index-in-node=\"0\">Continuity:<\/b> Reducing the likelihood of business disruption due to breaches.<\/p><\/li><li><p data-path-to-node=\"16,2,0\"><b data-path-to-node=\"16,2,0\" data-index-in-node=\"0\">Legal Compliance:<\/b> Meeting the requirements of data protection legislation such as GDPR or local regulations.<\/p><\/li><\/ul><h2 data-path-to-node=\"19\">What is ISO 27001?<\/h2><p data-path-to-node=\"20\">ISO 27001 is known as the international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an <a href=\"https:\/\/gcc-cert.com\/en\/blog\/iso-27001-in-kuwait-gravity\/\"><b data-path-to-node=\"20\" data-index-in-node=\"81\">Information Security Management System (ISMS)<\/b><\/a>.<\/p><h3 data-path-to-node=\"21\">Definition and Objective<\/h3><p data-path-to-node=\"22\">The primary goal is not just to implement protection programs, but to create a comprehensive management methodology. The specification focuses on a risk-based approach; meaning you don&#8217;t implement random controls, but rather those actually needed based on a precise assessment.   <\/p><h3 data-path-to-node=\"23\">Who Needs It?<\/h3><p data-path-to-node=\"24\">Any organization that stores sensitive data, whether it&#8217;s a bank, a hospital, or even a software startup, needs this standard to ensure the confidentiality, integrity, and availability of information.   <\/p><h2 data-path-to-node=\"27\">What is ISO 27002?<\/h2><p data-path-to-node=\"28\">If ISO 27001 is the &#8220;rulebook,&#8221; then ISO 27002 is the &#8220;guideline manual.&#8221; <\/p><h3 data-path-to-node=\"29\">Purpose of the Standard<\/h3><p data-path-to-node=\"30\">ISO 27002 serves as a code of practice that provides detailed guidance on how to implement the security controls mentioned in Annex A of ISO 27001. It does not grant separate certifications but is used as a technical reference for engineers and managers during implementation.  <\/p><h3 data-path-to-node=\"31\">How is it Used in Practice?<\/h3><p data-path-to-node=\"32\">When ISO 27001 asks you to &#8220;secure passwords,&#8221; you refer to ISO 27002 to find explanations about password length, complexity, and change intervals.  <\/p><h2 data-path-to-node=\"35\">Key Differences Between ISO 27001 and ISO 27002<\/h2><p data-path-to-node=\"36\">To clearly understand the <b data-path-to-node=\"36\" data-index-in-node=\"5\">difference between ISO 27001 and ISO 27002<\/b>, let&#8217;s look at this comparative table: <\/p><table data-path-to-node=\"37\"><thead><tr><td><strong>Comparison Aspect<\/strong><\/td><td><strong>ISO 27001<\/strong><\/td><td><strong>ISO 27002<\/strong><\/td><\/tr><\/thead><tbody><tr><td><span data-path-to-node=\"37,1,0,0\"><b data-path-to-node=\"37,1,0,0\" data-index-in-node=\"0\">Standard Type<\/b><\/span><\/td><td><span data-path-to-node=\"37,1,1,0\">Management Standard (Requirements)<\/span><\/td><td><span data-path-to-node=\"37,1,2,0\">Guidance Standard (Practices)<\/span><\/td><\/tr><tr><td><span data-path-to-node=\"37,2,0,0\"><b data-path-to-node=\"37,2,0,0\" data-index-in-node=\"0\">Certification<\/b><\/span><\/td><td><span data-path-to-node=\"37,2,1,0\"><b data-path-to-node=\"37,2,1,0\" data-index-in-node=\"0\">Certifiable<\/b> (Company obtains certification)<\/span><\/td><td><span data-path-to-node=\"37,2,2,0\"><b data-path-to-node=\"37,2,2,0\" data-index-in-node=\"0\">Not Certifiable<\/b> (Reference only)<\/span><\/td><\/tr><tr><td><span data-path-to-node=\"37,3,0,0\"><b data-path-to-node=\"37,3,0,0\" data-index-in-node=\"0\">Main Purpose<\/b><\/span><\/td><td><span data-path-to-node=\"37,3,1,0\">Building the Management System (ISMS)<\/span><\/td><td><span data-path-to-node=\"37,3,2,0\">Detailed Explanation of Security Controls<\/span><\/td><\/tr><tr><td><span data-path-to-node=\"37,4,0,0\"><b data-path-to-node=\"37,4,0,0\" data-index-in-node=\"0\">Focus<\/b><\/span><\/td><td><span data-path-to-node=\"37,4,1,0\">Risks, Leadership, and Improvement<\/span><\/td><td><span data-path-to-node=\"37,4,2,0\">Technologies, Procedures, and Implementation<\/span><\/td><\/tr><tr><td><span data-path-to-node=\"37,5,0,0\"><b data-path-to-node=\"37,5,0,0\" data-index-in-node=\"0\">Obligation<\/b><\/span><\/td><td><span data-path-to-node=\"37,5,1,0\">Clauses (1-10) are mandatory for certification<\/span><\/td><td><span data-path-to-node=\"37,5,2,0\">Optional (you can choose what suits you)<\/span><\/td><\/tr><\/tbody><\/table><p data-path-to-node=\"39\"> Information Security Requirements and Controls<\/p><p data-path-to-node=\"41\">To achieve comprehensive security, <b data-path-to-node=\"41\" data-index-in-node=\"31\">ISO 27001 information security requirements<\/b> must be combined with technical guidelines. <\/p><h3 data-path-to-node=\"42\">Essential ISO 27001 Requirements<\/h3><p data-path-to-node=\"43\">The specification consists of 10 main clauses, the most important of which are Clause 6 (Risk Planning) and Clause 9 (Performance Evaluation). The organization must prepare a document called a &#8220;Statement of Applicability&#8221; (SoA) that defines the controls to be implemented.  <\/p><h3 data-path-to-node=\"44\">Security Controls in ISO 27001 (2022 Update)<\/h3><p data-path-to-node=\"45\">In the latest update, controls have been consolidated and reduced to <b data-path-to-node=\"45\" data-index-in-node=\"45\">93 controls<\/b> divided into 4 main categories: <\/p><ol start=\"1\" data-path-to-node=\"46\"><li><p data-path-to-node=\"46,0,0\"><b data-path-to-node=\"46,0,0\" data-index-in-node=\"0\">Organizational Controls:<\/b> (e.g., information security policies).<\/p><\/li><li><p data-path-to-node=\"46,1,0\"><b data-path-to-node=\"46,1,0\" data-index-in-node=\"0\">People Controls:<\/b> (e.g., awareness and training).<\/p><\/li><li><p data-path-to-node=\"46,2,0\"><b data-path-to-node=\"46,2,0\" data-index-in-node=\"0\">Physical Controls:<\/b> (e.g., office and equipment security).<\/p><\/li><li><p data-path-to-node=\"46,3,0\"><b data-path-to-node=\"46,3,0\" data-index-in-node=\"0\">Technological Controls:<\/b> (e.g., encryption and vulnerability management).<\/p><\/li><\/ol><h2 data-path-to-node=\"49\">Information Risk Management in ISO 27001<\/h2><p data-path-to-node=\"50\"><b data-path-to-node=\"50\" data-index-in-node=\"6\">Information risk management<\/b> is the actual driver of the ISO system. An organization does not try to protect everything with the same intensity, but rather focuses its resources where the greatest threats exist.  <\/p><p data-path-to-node=\"51\">The risk management process includes:<\/p><ol start=\"1\" data-path-to-node=\"52\"><li><p data-path-to-node=\"52,0,0\"><b data-path-to-node=\"52,0,0\" data-index-in-node=\"0\">Asset Identification:<\/b> What data and equipment are important?<\/p><\/li><li><p data-path-to-node=\"52,1,0\"><b data-path-to-node=\"52,1,0\" data-index-in-node=\"0\">Threat Analysis:<\/b> Such as hacking, fire, or data leakage. <\/p><\/li><li><p data-path-to-node=\"52,2,0\"><b data-path-to-node=\"52,2,0\" data-index-in-node=\"0\">Impact and Likelihood Assessment:<\/b> What would happen if the risk occurred?<\/p><\/li><li><p data-path-to-node=\"52,3,0\"><b data-path-to-node=\"52,3,0\" data-index-in-node=\"0\">Risk Treatment:<\/b> Selecting appropriate controls from ISO 27002 to reduce the risk to an acceptable level.<\/p><\/li><\/ol><h2 data-path-to-node=\"55\">Steps to Obtain ISO 27001 Certification<\/h2><p data-path-to-node=\"56\">To obtain accredited <a href=\"https:\/\/gcc-cert.com\/en\/blog\/iso-27001-in-kuwait-gravity\/\"><b data-path-to-node=\"56\" data-index-in-node=\"11\">ISO 27001 certification<\/b><\/a>, an organization goes through several stages: <\/p><ol start=\"1\" data-path-to-node=\"57\"><li><p data-path-to-node=\"57,0,0\"><b data-path-to-node=\"57,0,0\" data-index-in-node=\"0\">Gap Analysis:<\/b> Understanding the difference between your current state and the standard&#8217;s requirements.<\/p><\/li><li><p data-path-to-node=\"57,1,0\"><b data-path-to-node=\"57,1,0\" data-index-in-node=\"0\">System and Documentation Building:<\/b> Drafting policies and procedures.<\/p><\/li><li><p data-path-to-node=\"57,2,0\"><b data-path-to-node=\"57,2,0\" data-index-in-node=\"0\">Practical Implementation:<\/b> Activating security controls for at least 3 months.<\/p><\/li><li><p data-path-to-node=\"57,3,0\"><b data-path-to-node=\"57,3,0\" data-index-in-node=\"0\">Internal Audit:<\/b> Self-examination of the system.<\/p><\/li><li><p data-path-to-node=\"57,4,0\"><b data-path-to-node=\"57,4,0\" data-index-in-node=\"0\">External Audit:<\/b> A Certification Body reviews the system.<\/p><\/li><\/ol><blockquote data-path-to-node=\"58\"><p data-path-to-node=\"58,0\"><b data-path-to-node=\"58,0\" data-index-in-node=\"0\">Cost and Duration:<\/b> The duration ranges from 6 to 12 months, and the cost depends on the size of the organization and the scope of work. <\/p><\/blockquote><h2 data-path-to-node=\"61\">Which Standard Should You Choose for Your Company?<\/h2><p data-path-to-node=\"62\">The short answer is: <b data-path-to-node=\"62\" data-index-in-node=\"21\">You need both, but for different purposes.<\/b><\/p><ul data-path-to-node=\"63\"><li><p data-path-to-node=\"63,0,0\">Choose <b data-path-to-node=\"63,0,0\" data-index-in-node=\"5\">ISO 27001<\/b> if you seek official recognition, participation in major tenders, or building a strong management structure.  <\/p><\/li><li><p data-path-to-node=\"63,1,0\">Use <b data-path-to-node=\"63,1,0\" data-index-in-node=\"5\">ISO 27002<\/b> as a daily guide for your IT team to ensure the implementation of best technical practices.<\/p><\/li><\/ul><h3 data-path-to-node=\"65\">Conclusion and Recommendations<\/h3><p data-path-to-node=\"66\">In conclusion, understanding the <b data-path-to-node=\"66\" data-index-in-node=\"19\">difference between ISO 27001 and ISO 27002<\/b> remains the first step towards building a robust digital defense system. Remember that ISO 27001 provides you with the certification and structure, while ISO 27002 provides you with the technical details and expertise.   <\/p><p data-path-to-node=\"67\"><b data-path-to-node=\"67\" data-index-in-node=\"0\">Our Recommendation:<\/b> Always start with ISO 27001 as a general framework, and use ISO 27002 as a reference for implementing security controls. Security is not a project that ends, but a continuous improvement process.   <\/p><p data-path-to-node=\"68\"><b data-path-to-node=\"68\" data-index-in-node=\"0\">Do you need help implementing ISO 27001 in your company? Contact our experts today for a free consultation. <\/b><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c056d7b rt-default-class elementor-widget elementor-widget-text-editor\" data-id=\"c056d7b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: right;\">\ud83d\ude80 <strong>Are you preparing to deal with an ISO certification body?<\/strong><\/p><p style=\"text-align: right;\">Do not leave it to chance.<\/p><p style=\"text-align: right;\">Contact <strong>Gravity Management Consulting<\/strong> now<br>and let quality experts prepare your organization for successful, strong accreditation, and sustainable certification.<\/p><h6 style=\"text-align: right;\">\ud83d\udce9 Get a free consultation \u2705 <a href=\"https:\/\/wa.me\/96562222310\" target=\"_blank\" rel=\"noopener\"><strong><span style=\"color: #10cc2c;\">Contact us on WhatsApp<\/span><\/strong><\/a> \u2705 or \ud83d\udcde <a href=\"http:\/\/&lt;a%20href=%22tel:+96562222310%22%20class=%22call-btn%22&gt;%20%D8%A7%D8%AA%D8%B5%D9%84%20%D8%A8%D9%86%D8%A7%20%D8%A7%D9%84%D8%A2%D9%86%20&lt;\/a&gt;\" data-wplink-url-error=\"true\"><span style=\"color: #d12c2c;\">Call us<\/span><\/a> \ud83d\udcde<\/h6><p style=\"text-align: right;\">\ud83d\udd17 Follow us on: <a href=\"https:\/\/www.linkedin.com\/company\/gravity-business-advisory\" target=\"_blank\" rel=\"noopener\">LinkedIn<\/a> | <a href=\"https:\/\/www.instagram.com\/gravity_consulting\" target=\"_blank\" rel=\"noopener\">Instagram<\/a> | <a href=\"https:\/\/www.facebook.com\/gravityconsultingcompany\" target=\"_blank\" rel=\"noopener\">Facebook<\/a> | <a href=\"https:\/\/www.youtube.com\/@gravity_consulting\" target=\"_blank\" rel=\"noopener\">YouTube<\/a> | <a href=\"https:\/\/www.tiktok.com\/@gravity_consulting\" target=\"_blank\" rel=\"noopener\">TikTok<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-92ece56 rt-accor rt-default-class elementor-widget elementor-widget-accordion\" data-id=\"92ece56\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"accordion.default\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-1541\" class=\"elementor-tab-title\" data-tab=\"1\" role=\"button\" aria-controls=\"elementor-tab-content-1541\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><i class=\"rt rt-quote-left\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg class=\"e-font-icon-svg e-far-question-circle\" viewBox=\"0 0 512 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M256 8C119.043 8 8 119.083 8 256c0 136.997 111.043 248 248 248s248-111.003 248-248C504 119.083 392.957 8 256 8zm0 448c-110.532 0-200-89.431-200-200 0-110.495 89.472-200 200-200 110.491 0 200 89.471 200 200 0 110.53-89.431 200-200 200zm107.244-255.2c0 67.052-72.421 68.084-72.421 92.863V300c0 6.627-5.373 12-12 12h-45.647c-6.627 0-12-5.373-12-12v-8.659c0-35.745 27.1-50.034 47.579-61.516 17.561-9.845 28.324-16.541 28.324-29.579 0-17.246-21.999-28.693-39.784-28.693-23.189 0-33.894 10.977-48.942 29.969-4.057 5.12-11.46 6.071-16.666 2.124l-27.824-21.098c-5.107-3.872-6.251-11.066-2.644-16.363C184.846 131.491 214.94 112 261.794 112c49.071 0 101.45 38.304 101.45 88.8zM298 368c0 23.159-18.841 42-42 42s-42-18.841-42-42 18.841-42 42-42 42 18.841 42 42z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">Can ISO 27002 be implemented without ISO 27001?<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-1541\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"region\" aria-labelledby=\"elementor-tab-title-1541\"><p data-start=\"4894\" data-end=\"4997\">Yes, yes. It can be used as a guiding reference to improve security without seeking formal certification.<\/p>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-1542\" class=\"elementor-tab-title\" data-tab=\"2\" role=\"button\" aria-controls=\"elementor-tab-content-1542\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><i class=\"rt rt-quote-left\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg class=\"e-font-icon-svg e-far-question-circle\" viewBox=\"0 0 512 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M256 8C119.043 8 8 119.083 8 256c0 136.997 111.043 248 248 248s248-111.003 248-248C504 119.083 392.957 8 256 8zm0 448c-110.532 0-200-89.431-200-200 0-110.495 89.472-200 200-200 110.491 0 200 89.471 200 200 0 110.53-89.431 200-200 200zm107.244-255.2c0 67.052-72.421 68.084-72.421 92.863V300c0 6.627-5.373 12-12 12h-45.647c-6.627 0-12-5.373-12-12v-8.659c0-35.745 27.1-50.034 47.579-61.516 17.561-9.845 28.324-16.541 28.324-29.579 0-17.246-21.999-28.693-39.784-28.693-23.189 0-33.894 10.977-48.942 29.969-4.057 5.12-11.46 6.071-16.666 2.124l-27.824-21.098c-5.107-3.872-6.251-11.066-2.644-16.363C184.846 131.491 214.94 112 261.794 112c49.071 0 101.45 38.304 101.45 88.8zM298 368c0 23.159-18.841 42-42 42s-42-18.841-42-42 18.841-42 42-42 42 18.841 42 42z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">How much does ISO 27001 certification cost?<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-1542\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"region\" aria-labelledby=\"elementor-tab-title-1542\"><p data-start=\"4999\" data-end=\"5067\">It varies depending on the company size and number of locations, but it includes consulting fees and external audit costs. <\/p>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-1543\" class=\"elementor-tab-title\" data-tab=\"3\" role=\"button\" aria-controls=\"elementor-tab-content-1543\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><i class=\"rt rt-quote-left\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg class=\"e-font-icon-svg e-far-question-circle\" viewBox=\"0 0 512 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M256 8C119.043 8 8 119.083 8 256c0 136.997 111.043 248 248 248s248-111.003 248-248C504 119.083 392.957 8 256 8zm0 448c-110.532 0-200-89.431-200-200 0-110.495 89.472-200 200-200 110.491 0 200 89.471 200 200 0 110.53-89.431 200-200 200zm107.244-255.2c0 67.052-72.421 68.084-72.421 92.863V300c0 6.627-5.373 12-12 12h-45.647c-6.627 0-12-5.373-12-12v-8.659c0-35.745 27.1-50.034 47.579-61.516 17.561-9.845 28.324-16.541 28.324-29.579 0-17.246-21.999-28.693-39.784-28.693-23.189 0-33.894 10.977-48.942 29.969-4.057 5.12-11.46 6.071-16.666 2.124l-27.824-21.098c-5.107-3.872-6.251-11.066-2.644-16.363C184.846 131.491 214.94 112 261.794 112c49.071 0 101.45 38.304 101.45 88.8zM298 368c0 23.159-18.841 42-42 42s-42-18.841-42-42 18.841-42 42-42 42 18.841 42 42z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">What is the difference between ISO 27001:2013 and ISO 27001:2022?<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-1543\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"region\" aria-labelledby=\"elementor-tab-title-1543\"><p data-start=\"5069\" data-end=\"5222\">The new update (2022) focused on simplifying and consolidating security controls, while adding new controls related to cloud and artificial intelligence. <\/p>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<script type=\"application\/ld+json\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"Can ISO 27002 be implemented without ISO 27001?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p data-start=\\\"4894\\\" data-end=\\\"4997\\\">Yes, yes. It can be used as a guiding reference to improve security without seeking formal certification.<\\\/p>\\n\"}},{\"@type\":\"Question\",\"name\":\"How much does ISO 27001 certification cost?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p data-start=\\\"4999\\\" data-end=\\\"5067\\\">It varies depending on the company size and number of locations, but it includes consulting fees and external audit costs. <\\\/p>\\n\"}},{\"@type\":\"Question\",\"name\":\"What is the difference between ISO 27001:2013 and ISO 27001:2022?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p data-start=\\\"5069\\\" data-end=\\\"5222\\\">The new update (2022) focused on simplifying and consolidating security controls, while adding new controls related to cloud and artificial intelligence. <\\\/p>\\n\"}}]}<\/script>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6862dd8 elementor-cta--layout-image-below elementor-cta--skin-classic elementor-animated-content elementor-bg-transform elementor-bg-transform-zoom-in rt-default-class elementor-widget elementor-widget-call-to-action\" data-id=\"6862dd8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"call-to-action.default\">\n\t\t\t\t\t\t\t<div class=\"elementor-cta\">\n\t\t\t\t\t\t\t<div class=\"elementor-cta__content\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-content-item elementor-cta__content-item elementor-icon-wrapper elementor-cta__icon elementor-view-default\">\n\t\t\t\t\t\t<div class=\"elementor-icon\">\n\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-star\" viewBox=\"0 0 576 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M259.3 17.8L194 150.2 47.9 171.5c-26.2 3.8-36.7 36.1-17.7 54.6l105.7 103-25 145.5c-4.5 26.3 23.2 46 46.4 33.7L288 439.6l130.7 68.7c23.2 12.2 50.9-7.4 46.4-33.7l-25-145.5 105.7-103c19-18.5 8.5-50.8-17.7-54.6L382 150.2 316.7 17.8c-11.7-23.6-45.6-23.9-57.4 0z\"><\/path><\/svg>\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<h2 class=\"elementor-cta__title elementor-cta__content-item elementor-content-item\">\n\t\t\t\t\t\tStart today your journey to obtain ISO certification in Kuwait \t\t\t\t\t<\/h2>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-cta__description elementor-cta__content-item elementor-content-item\">\n\t\t\t\t\t\tWith Gravity Management Consulting, your partner that guarantees scientific implementation and professional performance, with continuous follow-up that ensures successful and sustainable accreditation. Contact us to draw together a strategic and reliable development plan that achieves your administrative aspirations and places your organization among the leaders.   \t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-cta__button-wrapper elementor-cta__content-item elementor-content-item \">\n\t\t\t\t\t<a class=\"elementor-cta__button elementor-button elementor-size-\" href=\"https:\/\/wa.me\/96562222310\" target=\"_blank\" rel=\"noopener\">\n\t\t\t\t\t\tContact us on WhatsApp\t\t\t\t\t<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-86dbeb3 rt-default-class elementor-widget elementor-widget-text-editor\" data-id=\"86dbeb3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: center;\"><span style=\"color: #0059ff;\"><a style=\"color: #0059ff;\" href=\"https:\/\/gcc-cert.com\/en\/all-certificates\/\">ISO certificates in Kuwait<\/a>, <a style=\"color: #0059ff;\" href=\"https:\/\/gcc-cert.com\/en\/steps-to-obtain-iso-certification\/\">steps to obtain ISO in Kuwait<\/a>, <a style=\"color: #0059ff;\" href=\"https:\/\/gcc-cert.com\/en\/how-to-obtain-iso-certification\/\">how to obtain ISO in Kuwait<\/a>, <a style=\"color: #0059ff;\" href=\"https:\/\/www.iso.org\/home.html\" target=\"_blank\" rel=\"noopener\">International Organization for Standardization<\/a>, <a style=\"color: #0059ff;\" href=\"https:\/\/www.iafcertsearch.org\/\" target=\"_blank\" rel=\"noopener\">IAF Cert<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Introduction Data is the new oil in the digital age, and protecting it is no longer a luxury but a strategic necessity. Many professionals find it confusing to understand the difference between ISO 27001 and ISO 27002, and how each complements the other. While one focuses on &#8220;what&#8221; we should do to build a security&#8230;<\/p>\n","protected":false},"author":2,"featured_media":12470,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"ISO 27001 vs ISO 27002 Information Security | Call 62222310","rank_math_description":"Discover the difference between ISO 27001 and ISO 27002 in detail. Learn the requirements of an Information Security Management System","rank_math_focus_keyword":"ISO 27001","footnotes":""},"categories":[198,197],"tags":[],"class_list":["post-12450","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-2","category-blog"],"_links":{"self":[{"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/posts\/12450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/comments?post=12450"}],"version-history":[{"count":4,"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/posts\/12450\/revisions"}],"predecessor-version":[{"id":14466,"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/posts\/12450\/revisions\/14466"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/media\/12470"}],"wp:attachment":[{"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/media?parent=12450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/categories?post=12450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcc-cert.com\/en\/wp-json\/wp\/v2\/tags?post=12450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}