Standard: ISO/IEC 27002:2022 — Information security controls
Tier: 2 — Supporting
Framework role: Control implementation guide for ISO/IEC 27001 Annex A
ISO/IEC 27002 provides a reference set of information security controls. The ICT Governance Framework implements controls through policies, seven-pillar services, and IaC blueprints rather than maintaining a standalone 27002 crosswalk document.
| 27002 role | Framework approach |
|---|---|
| Control detail for Annex A | Mapped via Seven-Pillar Crosswalk |
| Control selection | Tenant SoA (planned) + ADPA requirement templates |
| Implementation guidance | Policy library, implementation guides, blueprints |
| Reference | Content |
|---|---|
iso27001-compliance.bicep metadata |
Lists ISO 27002:2022 alongside 27001 |
| CISO requirements (A041) | ISO 27002 security controls implementation |
| Cloud App Security attestation | ISO 27002 compliance boolean in vendor assessments |
| Blueprint selection guide | 27002 listed as compliance target |
| 27002 theme | Framework coverage |
|---|---|
| Organisational controls (5) | Governance policies, vendor management |
| People controls (6) | Identity pillar, training |
| Physical controls (7) | Devices pillar |
| Technological controls (8) | All seven pillars |
~75% indirect — controls addressed through 27001 pillar mapping; dedicated 27002 control register not maintained separately.