{"id":12450,"date":"2026-02-11T23:14:29","date_gmt":"2026-02-11T23:14:29","guid":{"rendered":"https:\/\/gcc.com.kw\/?p=12450"},"modified":"2026-03-28T07:11:23","modified_gmt":"2026-03-28T07:11:23","slug":"your-comprehensive-guide-to-the-new-iso-45001-occupational-health-and-safety-management-system-from-planning-to-certification","status":"publish","type":"post","link":"https:\/\/gcc.com.kw\/en\/blog\/your-comprehensive-guide-to-the-new-iso-45001-occupational-health-and-safety-management-system-from-planning-to-certification\/","title":{"rendered":"The Difference Between ISO 27001 and ISO 27002: A Comprehensive Guide to Understanding Information Security Standards"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"12450\" class=\"elementor elementor-12450 elementor-12449\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-000c719 e-flex e-con-boxed rt-default-class e-con e-parent\" data-id=\"000c719\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-66885b3 rt-default-class elementor-widget elementor-widget-text-editor\" data-id=\"66885b3\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<blockquote><h2 data-start=\"664\" data-end=\"674\">Introduction<\/h2><p data-path-to-node=\"6\">Data is the new oil in the digital age, and protecting it is no longer a luxury but a strategic necessity. Many professionals find it confusing to understand the <b data-path-to-node=\"6\" data-index-in-node=\"146\">difference between ISO 27001 and ISO 27002<\/b>, and how each complements the other. 
While one focuses on &#8220;what&#8221; we should do to build a security system, the other focuses on &#8220;how&#8221; to technically implement it.  <\/p><p data-path-to-node=\"7\">In this article, we will delve deep into the details of these two standards, and show you how you can use them together to secure your company&#8217;s information assets and gain international recognition. Whether you are an IT manager or a business owner, you will find the roadmap you need here.    <\/p><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fb55b33 rt-default-class elementor-widget elementor-widget-text-editor\" data-id=\"fb55b33\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<h2 data-path-to-node=\"13\">Overview of Information Security and ISO Standards<\/h2><p data-path-to-node=\"14\">With the increasing complexity of cyberattacks, organizations need a unified and reliable framework. The International Organization for Standardization (ISO) plays a pivotal role by providing the ISO\/IEC 27000 family of standards.  
<\/p><p data-path-to-node=\"15\">Why Do Companies Need These Standards?<\/p><ul data-path-to-node=\"16\"><li><p data-path-to-node=\"16,0,0\"><b data-path-to-node=\"16,0,0\" data-index-in-node=\"0\">Building Trust:<\/b> Customers are reassured when they know their data is managed according to a global standard.<\/p><\/li><li><p data-path-to-node=\"16,1,0\"><b data-path-to-node=\"16,1,0\" data-index-in-node=\"0\">Continuity:<\/b> Reducing the likelihood of business disruption due to breaches.<\/p><\/li><li><p data-path-to-node=\"16,2,0\"><b data-path-to-node=\"16,2,0\" data-index-in-node=\"0\">Legal Compliance:<\/b> Meeting the requirements of data protection legislation such as GDPR or local regulations.<\/p><\/li><\/ul><h2 data-path-to-node=\"19\">What is ISO 27001?<\/h2><p data-path-to-node=\"20\">ISO 27001 is known as the international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an <a href=\"https:\/\/gcc.com.kw\/en\/blog\/iso-27001-in-kuwait-gravity\/\"><b data-path-to-node=\"20\" data-index-in-node=\"81\">Information Security Management System (ISMS)<\/b><\/a>.<\/p><h3 data-path-to-node=\"21\">Definition and Objective<\/h3><p data-path-to-node=\"22\">The primary goal is not just to implement protection programs, but to create a comprehensive management methodology. The specification focuses on a risk-based approach; meaning you don&#8217;t implement random controls, but rather those actually needed based on a precise assessment.   <\/p><h3 data-path-to-node=\"23\">Who Needs It?<\/h3><p data-path-to-node=\"24\">Any organization that stores sensitive data, whether it&#8217;s a bank, a hospital, or even a software startup, needs this standard to ensure the confidentiality, integrity, and availability of information.   
<\/p><h2 data-path-to-node=\"27\">What is ISO 27002?<\/h2><p data-path-to-node=\"28\">If ISO 27001 is the &#8220;rulebook,&#8221; then ISO 27002 is the &#8220;guideline manual.&#8221; <\/p><h3 data-path-to-node=\"29\">Purpose of the Standard<\/h3><p data-path-to-node=\"30\">ISO 27002 serves as a code of practice that provides detailed guidance on how to implement the security controls mentioned in Annex A of ISO 27001. It does not grant separate certifications but is used as a technical reference for engineers and managers during implementation.  <\/p><h3 data-path-to-node=\"31\">How is it Used in Practice?<\/h3><p data-path-to-node=\"32\">When ISO 27001 asks you to &#8220;secure passwords,&#8221; you refer to ISO 27002 to find explanations about password length, complexity, and change intervals.  <\/p><h2 data-path-to-node=\"35\">Key Differences Between ISO 27001 and ISO 27002<\/h2><p data-path-to-node=\"36\">To clearly understand the <b data-path-to-node=\"36\" data-index-in-node=\"5\">difference between ISO 27001 and ISO 27002<\/b>, let&#8217;s look at this comparative table: <\/p><table data-path-to-node=\"37\"><thead><tr><td><strong>Comparison Aspect<\/strong><\/td><td><strong>ISO 27001<\/strong><\/td><td><strong>ISO 27002<\/strong><\/td><\/tr><\/thead><tbody><tr><td><span data-path-to-node=\"37,1,0,0\"><b data-path-to-node=\"37,1,0,0\" data-index-in-node=\"0\">Standard Type<\/b><\/span><\/td><td><span data-path-to-node=\"37,1,1,0\">Management Standard (Requirements)<\/span><\/td><td><span data-path-to-node=\"37,1,2,0\">Guidance Standard (Practices)<\/span><\/td><\/tr><tr><td><span data-path-to-node=\"37,2,0,0\"><b data-path-to-node=\"37,2,0,0\" data-index-in-node=\"0\">Certification<\/b><\/span><\/td><td><span data-path-to-node=\"37,2,1,0\"><b data-path-to-node=\"37,2,1,0\" data-index-in-node=\"0\">Certifiable<\/b> (Company obtains certification)<\/span><\/td><td><span data-path-to-node=\"37,2,2,0\"><b data-path-to-node=\"37,2,2,0\" 
data-index-in-node=\"0\">Not Certifiable<\/b> (Reference only)<\/span><\/td><\/tr><tr><td><span data-path-to-node=\"37,3,0,0\"><b data-path-to-node=\"37,3,0,0\" data-index-in-node=\"0\">Main Purpose<\/b><\/span><\/td><td><span data-path-to-node=\"37,3,1,0\">Building the Management System (ISMS)<\/span><\/td><td><span data-path-to-node=\"37,3,2,0\">Detailed Explanation of Security Controls<\/span><\/td><\/tr><tr><td><span data-path-to-node=\"37,4,0,0\"><b data-path-to-node=\"37,4,0,0\" data-index-in-node=\"0\">Focus<\/b><\/span><\/td><td><span data-path-to-node=\"37,4,1,0\">Risks, Leadership, and Improvement<\/span><\/td><td><span data-path-to-node=\"37,4,2,0\">Technologies, Procedures, and Implementation<\/span><\/td><\/tr><tr><td><span data-path-to-node=\"37,5,0,0\"><b data-path-to-node=\"37,5,0,0\" data-index-in-node=\"0\">Obligation<\/b><\/span><\/td><td><span data-path-to-node=\"37,5,1,0\">Clauses (1-10) are mandatory for certification<\/span><\/td><td><span data-path-to-node=\"37,5,2,0\">Optional (you can choose what suits you)<\/span><\/td><\/tr><\/tbody><\/table><h2 data-path-to-node=\"39\">Information Security Requirements and Controls<\/h2><p data-path-to-node=\"41\">To achieve comprehensive security, <b data-path-to-node=\"41\" data-index-in-node=\"31\">ISO 27001 information security requirements<\/b> must be combined with technical guidelines. <\/p><h3 data-path-to-node=\"42\">Essential ISO 27001 Requirements<\/h3><p data-path-to-node=\"43\">The specification consists of 10 main clauses, the most important of which are Clause 6 (Risk Planning) and Clause 9 (Performance Evaluation). The organization must prepare a document called a &#8220;Statement of Applicability&#8221; (SoA) that defines the controls to be implemented.  
<\/p><h3 data-path-to-node=\"44\">Security Controls in ISO 27001 (2022 Update)<\/h3><p data-path-to-node=\"45\">In the latest update, controls have been consolidated and reduced to <b data-path-to-node=\"45\" data-index-in-node=\"45\">93 controls<\/b> divided into 4 main categories: <\/p><ol start=\"1\" data-path-to-node=\"46\"><li><p data-path-to-node=\"46,0,0\"><b data-path-to-node=\"46,0,0\" data-index-in-node=\"0\">Organizational Controls:<\/b> (e.g., information security policies).<\/p><\/li><li><p data-path-to-node=\"46,1,0\"><b data-path-to-node=\"46,1,0\" data-index-in-node=\"0\">People Controls:<\/b> (e.g., awareness and training).<\/p><\/li><li><p data-path-to-node=\"46,2,0\"><b data-path-to-node=\"46,2,0\" data-index-in-node=\"0\">Physical Controls:<\/b> (e.g., office and equipment security).<\/p><\/li><li><p data-path-to-node=\"46,3,0\"><b data-path-to-node=\"46,3,0\" data-index-in-node=\"0\">Technological Controls:<\/b> (e.g., encryption and vulnerability management).<\/p><\/li><\/ol><h2 data-path-to-node=\"49\">Information Risk Management in ISO 27001<\/h2><p data-path-to-node=\"50\"><b data-path-to-node=\"50\" data-index-in-node=\"6\">Information risk management<\/b> is the actual driver of the ISO system. An organization does not try to protect everything with the same intensity, but rather focuses its resources where the greatest threats exist.  <\/p><p data-path-to-node=\"51\">The risk management process includes:<\/p><ol start=\"1\" data-path-to-node=\"52\"><li><p data-path-to-node=\"52,0,0\"><b data-path-to-node=\"52,0,0\" data-index-in-node=\"0\">Asset Identification:<\/b> What data and equipment are important?<\/p><\/li><li><p data-path-to-node=\"52,1,0\"><b data-path-to-node=\"52,1,0\" data-index-in-node=\"0\">Threat Analysis:<\/b> Such as hacking, fire, or data leakage. 
<\/p><\/li><li><p data-path-to-node=\"52,2,0\"><b data-path-to-node=\"52,2,0\" data-index-in-node=\"0\">Impact and Likelihood Assessment:<\/b> What would happen if the risk occurred?<\/p><\/li><li><p data-path-to-node=\"52,3,0\"><b data-path-to-node=\"52,3,0\" data-index-in-node=\"0\">Risk Treatment:<\/b> Selecting appropriate controls from ISO 27002 to reduce the risk to an acceptable level.<\/p><\/li><\/ol><h2 data-path-to-node=\"55\">Steps to Obtain ISO 27001 Certification<\/h2><p data-path-to-node=\"56\">To obtain accredited <a href=\"https:\/\/gcc.com.kw\/en\/blog\/iso-27001-in-kuwait-gravity\/\"><b data-path-to-node=\"56\" data-index-in-node=\"11\">ISO 27001 certification<\/b><\/a>, an organization goes through several stages: <\/p><ol start=\"1\" data-path-to-node=\"57\"><li><p data-path-to-node=\"57,0,0\"><b data-path-to-node=\"57,0,0\" data-index-in-node=\"0\">Gap Analysis:<\/b> Understanding the difference between your current state and the standard&#8217;s requirements.<\/p><\/li><li><p data-path-to-node=\"57,1,0\"><b data-path-to-node=\"57,1,0\" data-index-in-node=\"0\">System and Documentation Building:<\/b> Drafting policies and procedures.<\/p><\/li><li><p data-path-to-node=\"57,2,0\"><b data-path-to-node=\"57,2,0\" data-index-in-node=\"0\">Practical Implementation:<\/b> Activating security controls for at least 3 months.<\/p><\/li><li><p data-path-to-node=\"57,3,0\"><b data-path-to-node=\"57,3,0\" data-index-in-node=\"0\">Internal Audit:<\/b> Self-examination of the system.<\/p><\/li><li><p data-path-to-node=\"57,4,0\"><b data-path-to-node=\"57,4,0\" data-index-in-node=\"0\">External Audit:<\/b> A Certification Body reviews the system.<\/p><\/li><\/ol><blockquote data-path-to-node=\"58\"><p data-path-to-node=\"58,0\"><b data-path-to-node=\"58,0\" data-index-in-node=\"0\">Cost and Duration:<\/b> The duration ranges from 6 to 12 months, and the cost depends on the size of the organization and the scope of work. 
<\/p><\/blockquote><h2 data-path-to-node=\"61\">Which Standard Should You Choose for Your Company?<\/h2><p data-path-to-node=\"62\">The short answer is: <b data-path-to-node=\"62\" data-index-in-node=\"21\">You need both, but for different purposes.<\/b><\/p><ul data-path-to-node=\"63\"><li><p data-path-to-node=\"63,0,0\">Choose <b data-path-to-node=\"63,0,0\" data-index-in-node=\"5\">ISO 27001<\/b> if you seek official recognition, participation in major tenders, or building a strong management structure.  <\/p><\/li><li><p data-path-to-node=\"63,1,0\">Use <b data-path-to-node=\"63,1,0\" data-index-in-node=\"5\">ISO 27002<\/b> as a daily guide for your IT team to ensure the implementation of best technical practices.<\/p><\/li><\/ul><h3 data-path-to-node=\"65\">Conclusion and Recommendations<\/h3><p data-path-to-node=\"66\">In conclusion, understanding the <b data-path-to-node=\"66\" data-index-in-node=\"19\">difference between ISO 27001 and ISO 27002<\/b> remains the first step towards building a robust digital defense system. Remember that ISO 27001 provides you with the certification and structure, while ISO 27002 provides you with the technical details and expertise.   <\/p><p data-path-to-node=\"67\"><b data-path-to-node=\"67\" data-index-in-node=\"0\">Our Recommendation:<\/b> Always start with ISO 27001 as a general framework, and use ISO 27002 as a reference for implementing security controls. Security is not a project that ends, but a continuous improvement process.   <\/p><p data-path-to-node=\"68\"><b data-path-to-node=\"68\" data-index-in-node=\"0\">Do you need help implementing ISO 27001 in your company? Contact our experts today for a free consultation. 
<\/b><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div 
class=\"elementor-element elementor-element-92ece56 rt-accor rt-default-class elementor-widget elementor-widget-accordion\" data-id=\"92ece56\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"accordion.default\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-1541\" class=\"elementor-tab-title\" data-tab=\"1\" role=\"button\" aria-controls=\"elementor-tab-content-1541\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><i class=\"rt rt-quote-left\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg class=\"e-font-icon-svg e-far-question-circle\" viewBox=\"0 0 512 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M256 8C119.043 8 8 119.083 8 256c0 136.997 111.043 248 248 248s248-111.003 248-248C504 119.083 392.957 8 256 8zm0 448c-110.532 0-200-89.431-200-200 0-110.495 89.472-200 200-200 110.491 0 200 89.471 200 200 0 110.53-89.431 200-200 200zm107.244-255.2c0 67.052-72.421 68.084-72.421 92.863V300c0 6.627-5.373 12-12 12h-45.647c-6.627 0-12-5.373-12-12v-8.659c0-35.745 27.1-50.034 47.579-61.516 17.561-9.845 28.324-16.541 28.324-29.579 0-17.246-21.999-28.693-39.784-28.693-23.189 0-33.894 10.977-48.942 29.969-4.057 5.12-11.46 6.071-16.666 2.124l-27.824-21.098c-5.107-3.872-6.251-11.066-2.644-16.363C184.846 131.491 214.94 112 261.794 112c49.071 0 101.45 38.304 101.45 88.8zM298 368c0 23.159-18.841 42-42 42s-42-18.841-42-42 18.841-42 42-42 42 18.841 42 42z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">Can ISO 27002 be implemented without ISO 
27001?<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-1541\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"region\" aria-labelledby=\"elementor-tab-title-1541\"><p data-start=\"4894\" data-end=\"4997\">Yes. It can be used as a guiding reference to improve security without seeking formal certification.<\/p>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-1542\" class=\"elementor-tab-title\" data-tab=\"2\" role=\"button\" aria-controls=\"elementor-tab-content-1542\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><i class=\"rt rt-quote-left\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg class=\"e-font-icon-svg e-far-question-circle\" viewBox=\"0 0 512 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M256 8C119.043 8 8 119.083 8 256c0 136.997 111.043 248 248 248s248-111.003 248-248C504 119.083 392.957 8 256 8zm0 448c-110.532 0-200-89.431-200-200 0-110.495 89.472-200 200-200 110.491 0 200 89.471 200 200 0 110.53-89.431 200-200 200zm107.244-255.2c0 67.052-72.421 68.084-72.421 92.863V300c0 6.627-5.373 12-12 12h-45.647c-6.627 0-12-5.373-12-12v-8.659c0-35.745 27.1-50.034 47.579-61.516 17.561-9.845 28.324-16.541 28.324-29.579 0-17.246-21.999-28.693-39.784-28.693-23.189 0-33.894 10.977-48.942 29.969-4.057 5.12-11.46 6.071-16.666 2.124l-27.824-21.098c-5.107-3.872-6.251-11.066-2.644-16.363C184.846 131.491 214.94 112 261.794 112c49.071 0 101.45 38.304 101.45 88.8zM298 368c0 23.159-18.841 42-42 42s-42-18.841-42-42 18.841-42 42-42 42 18.841 42 42z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">How much does ISO 27001 certification 
cost?<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-1542\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"region\" aria-labelledby=\"elementor-tab-title-1542\"><p data-start=\"4999\" data-end=\"5067\">It varies depending on the company size and number of locations, but it includes consulting fees and external audit costs. <\/p>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-1543\" class=\"elementor-tab-title\" data-tab=\"3\" role=\"button\" aria-controls=\"elementor-tab-content-1543\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><i class=\"rt rt-quote-left\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg class=\"e-font-icon-svg e-far-question-circle\" viewBox=\"0 0 512 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M256 8C119.043 8 8 119.083 8 256c0 136.997 111.043 248 248 248s248-111.003 248-248C504 119.083 392.957 8 256 8zm0 448c-110.532 0-200-89.431-200-200 0-110.495 89.472-200 200-200 110.491 0 200 89.471 200 200 0 110.53-89.431 200-200 200zm107.244-255.2c0 67.052-72.421 68.084-72.421 92.863V300c0 6.627-5.373 12-12 12h-45.647c-6.627 0-12-5.373-12-12v-8.659c0-35.745 27.1-50.034 47.579-61.516 17.561-9.845 28.324-16.541 28.324-29.579 0-17.246-21.999-28.693-39.784-28.693-23.189 0-33.894 10.977-48.942 29.969-4.057 5.12-11.46 6.071-16.666 2.124l-27.824-21.098c-5.107-3.872-6.251-11.066-2.644-16.363C184.846 131.491 214.94 112 261.794 112c49.071 0 101.45 38.304 101.45 88.8zM298 368c0 23.159-18.841 42-42 42s-42-18.841-42-42 18.841-42 42-42 42 18.841 42 42z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">What is the difference between 
ISO 27001:2013 and ISO 27001:2022?<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-1543\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"region\" aria-labelledby=\"elementor-tab-title-1543\"><p data-start=\"5069\" data-end=\"5222\">The new update (2022) focused on simplifying and consolidating security controls, while adding new controls related to cloud and artificial intelligence. <\/p>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<script type=\"application\/ld+json\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"Can ISO 27002 be implemented without ISO 27001?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p data-start=\\\"4894\\\" data-end=\\\"4997\\\">Yes. It can be used as a guiding reference to improve security without seeking formal certification.<\\\/p>\\n\"}},{\"@type\":\"Question\",\"name\":\"How much does ISO 27001 certification cost?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p data-start=\\\"4999\\\" data-end=\\\"5067\\\">It varies depending on the company size and number of locations, but it includes consulting fees and external audit costs. <\\\/p>\\n\"}},{\"@type\":\"Question\",\"name\":\"What is the difference between ISO 27001:2013 and ISO 27001:2022?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p data-start=\\\"5069\\\" data-end=\\\"5222\\\">The new update (2022) focused on simplifying and consolidating security controls, while adding new controls related to cloud and artificial intelligence. 
<\\\/p>\\n\"}}]}<\/script>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-86dbeb3 rt-default-class elementor-widget elementor-widget-text-editor\" data-id=\"86dbeb3\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: center;\"><span style=\"color: #0059ff;\"><a style=\"color: #0059ff;\" href=\"https:\/\/gcc.com.kw\/iso-certificates-in-kuwat-gcc-in-kuwait\/\">ISO certificates in Kuwait<\/a>, <a style=\"color: #0059ff;\" href=\"https:\/\/gcc.com.kw\/%d8%b4%d9%87%d8%a7%d8%af%d8%a9-iso-%d9%81%d9%8a-%d8%a7%d9%84%d9%83%d9%88%d9%8a%d8%aa-gcc-in-kuwaut\/\">steps to obtain ISO in Kuwait<\/a>, <a style=\"color: #0059ff;\" href=\"https:\/\/gcc.com.kw\/%d8%b7%d8%b1%d9%8a%d9%82%d8%a9-%d8%a7%d9%84%d8%ad%d8%b5%d9%88%d9%84-%d8%b9%d9%84%d9%89-%d8%a7%d9%84%d8%a7%d9%8a%d8%b2%d9%88-%d9%81%d9%8a-%d8%a7%d9%84%d9%83%d9%88%d9%8a%d8%aa-gcc\/\">how to obtain ISO in Kuwait<\/a>, <a style=\"color: #0059ff;\" href=\"https:\/\/www.iso.org\/home.html\" target=\"_blank\" rel=\"noopener\">International Organization for Standardization<\/a>, <a style=\"color: #0059ff;\" href=\"https:\/\/www.iafcertsearch.org\/\" target=\"_blank\" rel=\"noopener\">IAF Cert<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Introduction Data is the new oil in the digital age, and protecting it is no longer a luxury but a strategic necessity. 
Many professionals find it confusing to understand the difference between ISO 27001 and ISO 27002, and how each complements the other. While one focuses on &#8220;what&#8221; we should do to build a security&#8230;<\/p>\n","protected":false},"author":2,"featured_media":15927,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"rank_math_title":"The Difference Between ISO 27001 and ISO 27002: A Comprehensive Guide and Simplified Explanation ","rank_math_description":"Discover the difference between ISO 27001 and ISO 27002 in detail. Learn the requirements of an Information Security Management System, and how to implement the new 2022 security controls for your company.  ","rank_math_focus_keyword":"Difference between ISO 27001 and ISO 27002, ISO 27001 Information Security Management System, ISO 27001 Certification, ISO 27001 Information Security Requirements","footnotes":""},"categories":[104],"tags":[],"class_list":["post-12450","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"acf":[],"_links":{"self":[{"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/posts\/12450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/comments?post=12450"}],"version-history":[{"count":2,"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/posts\/12450\/revisions"}],"predecessor-version":[{"id":14618,"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/posts\/12450\/revisions\/14618"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/media\/15927"}],"wp:attachment":[{"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/media?pa
rent=12450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/categories?post=12450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcc.com.kw\/en\/wp-json\/wp\/v2\/tags?post=12450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}