However, if the organization is only interested in the guidance in ISO/IEC 27002:2013, this checklist provides a list of all items suggested in Annex A of ISO/IEC 27001 that are derived from the ISO/IEC 27002 guidelines. If an organization is interested in testing its conformance to ISO/IEC 27001:2013, this checklist will provide an analysis of the detail in the ISO/IEC 27001 standard. The requirements included in the ISO/IEC 27001:2013 standard are listed at a high level, with an annexed reference to ISO/IEC 27002:2013 as appropriate guidance to demonstrate conformance to ISO/IEC 27001:2013.
ISO/IEC 27001:2013 gives requirements for organizational information security standards and information security management practices, including the selection, implementation and management of controls, taking into consideration the organization's information security risk environment(s). It is designed to be used by organizations that intend to select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001.