Iso/iec 27002:2013 -

A statement of what the organization should achieve.

Managing third-party risks.

Network security and information transfer. ISO/IEC 27002:2013

Proper use of encryption and key management. A statement of what the organization should achieve

Contextual details, such as legal considerations or links to other standards. ISO/IEC 27002:2013

Securing physical areas and equipment.

Reporting and learning from security events.