ISO 27002 is a supporting document that provides implementation guidance on 93 best-practice information security controls, which can be applied to mitigate the risks identified by your ISO 27001 risk assessment. ISO/IEC 27002:2022 restructured and rationalised the previous 114 controls (merging many of them) and added 11 new controls, reflecting changes in information security technology and the emergence of new threats.
These 93 controls are replicated in Annex A of ISO 27001:2022. ISO 27001 does not make them mandatory, but it does require you to compare the controls you have chosen against Annex A to verify that no necessary control has been overlooked, and to record in your Statement of Applicability which Annex A controls you have included or excluded and why.
The controls are grouped into 4 themes: organisational, people, technological and physical. The Standard also introduced 5 'attributes' (control type, information security properties, cybersecurity concepts, operational capabilities and security domains), which are applied to controls as hashtags so that you can filter, sort or present the controls in different ways, for example to view only preventive controls or only those relating to confidentiality.


