ISO/IEC 27002 mainly incorporates part 1 of the good safety management practice standard BS 7799. The latest versions of BS 7799 is BS 7799-3. scheme or good practice guide for cybersecurity management; while BS 7799 part 2 and ISO/IEC 27001 are normative and therefore provide a framework for certification. ISO/IEC 27002 is a high-level guide for cybersecurity. It is more beneficial as an explanatory guide for the management of an organization to obtain certification to ISO/IEC 27001. The certification obtained lasts three years. none or some interim audits may be carried out during the three years.

ISO/IEC 27001 (ISMS) replaces BS 7799 Part 2, but as it is supported any organization working towards BS 7799 Part 2 can easily transition to the ISO/IEC 27001 certification process. There is also an audit transition available to make it easier once an organization is BS 7799 Part 2-certified to become ISO/IEC 27001-certified. ISO/IEC 27002 provides best practice recommendations in information security management for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). States of the information security systems necessary to implement the ISO/IEC 27002 control objectives. Without ISO/IEC 27001, ISO/IEC 27002 control objectives are ineffective. ISO/IEC 27002 control objectives are incorporated into ISO 27001 in Annex A.

ISO/IEC 21827 (SSE-CMM - ISO / IEC 21827) is an international standard based on the Systems Security Engineering Capability Maturity Model (SSE-CMM) that can measure the maturity of ISO controls objectives.

ISO/IEC 27001 formally specifies a management system intended to provide information security under explicit management control.

ISO/IEC 27002 mainly incorporates part 1 of the good safety management practice standard BS 7799. The latest versions of BS 7799 is BS 7799-3. scheme or good practice guide for cybersecurity management; while BS 7799 part 2 and ISO/IEC 27001 are normative and therefore provide a framework for certification. ISO/IEC 27002 is a high-level guide for cybersecurity. It is more beneficial as an explanatory guide for the management of an organization to obtain certification to ISO/IEC 27001. The certification obtained lasts three years. none or some interim audits may be carried out during the three years.

ISO/IEC 27001 (ISMS) replaces BS 7799 Part 2, but as it is supported any organization working towards BS 7799 Part 2 can easily transition to the ISO/IEC 27001 certification process. There is also an audit transition available to make it easier once an organization is BS 7799 Part 2-certified to become ISO/IEC 27001-certified. ISO/IEC 27002 provides best practice recommendations in information security management for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). States of the information security systems necessary to implement the ISO/IEC 27002 control objectives. Without ISO/IEC 27001, ISO/IEC 27002 control objectives are ineffective. ISO/IEC 27002 control objectives are incorporated into ISO 27001 in Annex A.

ISO/IEC 21827 (SSE-CMM - ISO / IEC 21827) is an international standard based on the Systems Security Engineering Capability Maturity Model (SSE-CMM) that can measure the maturity of ISO controls objectives.