ISO IEC 27002:2022 offers a reference set of generic information security controls along with implementation guidance. It is intended for use by organizations in the following contexts:
a) as part of an information security management system (ISMS) aligned with ISO/IEC 27001;
b) for the implementation of information security controls based on globally recognized best practices;
c) for creating tailored information security management guidelines specific to the organization.
