ISO 27002 Bench-Marking

The ISO 27002 International Standard establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined in this International Standard provide general guidance on the commonly accepted goals of information security management.

The control objectives and controls of the Standard are intended to be implemented to meet the requirements identified by a risk assessment. The Standard may serve as a practical guideline for developing organizational security standards and effective security management practices and to help build confidence in inter-organizational activities.

The ISO 27002 Standard contains 11 security control clauses collectively containing a total of 39 main security categories and one introductory clause introducing risk assessment and treatment.

Each clause contains a number of main security categories. The eleven clauses are:

  • Security Policy
  • Organizing Information Security
  • Asset Management
  • Human Resources Security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Information Systems Acquisition, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

Who should consider ISO 27002 Bench-Marking?

  • Any organization, business unit or division, that seeks to benchmark its information security controls against this widely utilized Security standard
  • Any organization whose customers require them to demonstrate they conform to the ISO 27002 standard.
  • It is important to note that there is no official certification standard for ISO 27002. However, conformance to ISO 27002 can assist in preparation for ISO 27001 Certification.


The scope of an ISO 27002 gap assessment would be determined by the organization in relation to its needs and could be an entire enterprise, a specific business unit, or area of focus.


The deliverables that Coalfire Certification would provide include the following:

  • Development of a Bench-Marking project plan.
  • Bench Mark report identifying areas of conformity and non-conformity with the 27002 standard