PECB ISO-IEC-27001-Lead-Implementer Exam With Confidence Using Practice Dumps

ISO/IEC 27001:2022 is the certifiable standard for Information Security Management Systems (ISMS). While ISO/IEC 27002 provides guidelines and best practices to help organizations implement the controls listed in Annex A of ISO/IEC 27001, it is not mandatory to follow ISO/IEC 27002 to achieve ISO/IEC 27001 certification. Instead, organizations must select and implement appropriate controls from Annex A, or other controls as necessary, based on their risk assessment. ISO/IEC 27002 serves as guidance but is not itself an auditable or certifiable requirement.

"The controls listed in Annex A are not exhaustive and additional controls may be needed. ISO/IEC 27002 provides implementation guidance and is not mandatory for certification against ISO/IEC 27001."

— ISO/IEC 27001:2022, Introduction and Clause 6.1.3; ISO/IEC 27002:2022, Foreword

ISO/IEC 27001:2022 does not prescribe a specific approach for implementing an ISMS, but rather provides a set of requirements and guidelines that can be adapted to the organization’s context, scope, and objectives. Therefore, organizations can use any approach that is suitable for their scope, as long as it meets the requirements of the standard and enables the achievement of the intended outcomes of the ISMS. The approach should also consider the needs and expectations of the interested parties, the risks and opportunities related to information security, and the legal and regulatory obligations of the organization.

ISO/IEC 27001:2022, clause 4.1; PECB ISO/IEC 27001 Lead Implementer Course, Module 4, slide 9.