ISO/IEC 27001 is an international standard for information security management that describes how to establish, implement, maintain and improve an information security management system (ISMS). Its objective is to protect the confidentiality, integrity and availability of information by applying a risk management process. Certification to ISO 27001 demonstrates that an organization has structured processes in place to manage information security systematically.
ISO/IEC 27002 complements ISO 27001 and provides guidelines and best practices for information security management. It defines a set of security controls for managing information security risks and serves as a practical guide to implementing the controls required by ISO 27001. It helps organizations select appropriate security measures based on their needs and risks.