Purpose
How to use this page
Use this as a navigation and decision page. Follow the links for detailed control, audit, risk, evidence, and exam notes.
This is the ISO/IEC 27002 section of the vault. It answers:
What does the Annex A control mean and how can it be implemented?
ISO/IEC 27002 provides guidance for information security controls. In this KB, it supports interpretation of ISO/IEC 27001 Annex A controls, evidence expectations, implementation guidance, and exam distinction notes.
Core relationship
| Standard | Practical role |
|---|---|
| ISO 27001 Knowledge Base MOC | States ISMS requirements and Annex A control reference |
| ISO 27002 Knowledge Base MOC | Explains control purpose, attributes, implementation guidance, and examples |
| ISO 27005 Knowledge Base MOC | Explains risk logic behind control selection and treatment |
ISO 27002 source notes
- ISO27002 Control Attributes
- Control Attributes and Risk Treatment Effects
- ISO 27002 Annex A Control Interpretation Map
- ISO 27002 Control Attributes Evidence Map
Control themes
| ISO 27002 theme | Current vault coverage |
|---|---|
| Organizational controls | A.5 Organizational Controls MOC |
| People controls | Future section |
| Physical controls | Future section |
| Technological controls | Future section |
Control interpretation workflow
For each Annex A control, maintain:
- ISO 27001 control reference;
- ISO 27002 interpretation and implementation guidance;
- ISO 27005 risk logic;
- implementer actions;
- auditor evidence expectations;
- exam traps;
- software-object mapping.
Research basis
ISO describes ISO/IEC 27002:2022 as a standard for information security, cybersecurity, and privacy protection controls. It is control guidance, not the certifiable ISMS requirements standard.
External references
- Iso27002
- Knowledge base
- Moc
Note Metadata
Aliases: ISO27002 KB, ISO 27002 KB, ISO 27002 Control Guidance
Source: 11 ISO 27002 Knowledge Base/ISO 27002 Knowledge Base MOC.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO27001 ISMS KB - Start Here
- Control Attributes and Risk Treatment Effects
- ISO27002 Control Attributes
- A.5 Organizational Controls MOC
- ISO 27001 Implementer Auditor ISO 27005 Mapping
- ISO 27001 Knowledge Base
- ISO 27002 Annex A Control Interpretation Map
- ISO 27002 Control Attributes Evidence Map
- ISO 27005 Knowledge Base
- Asset Threat Vulnerability Risk Control Evidence Data Model
- Template Control Card
- Annex A Controls MOC
- ISO 27001 Overview
- Templates MOC