Start your journey to achieving ISO 27001:2022 with a comprehensive gap analysis against the new ISO 27002:2022 controls.
Identify areas that need addressing to help you certify to ISO 27001:2022.
Receive a clear report of conformity against each new control.
Delivered by our team of certified and experienced ISO lead auditors.
Receive expert support and optional extras to aid your compliance journey.
ISO 27002 was updated in February 2022. The new controls highlighted within ISO 27002:2022 are now referenced in Annex A of the new version of ISO 27001, which was published in October 2022.
This means organisations that currently use Annex A controls will be required to update their Information Security Management System (ISMS), taking into account the new controls, prior to being assessed against ISO 27001:2022.
For organisations certified against ISO 27001:2013, an ISO 27002:2022 Gap Analysis will assess your compliance against the new control set and help you identify where your current ISMS fails to meet the requirements and what needs to be implemented to help you achieve 27001:2022 certification.
In ISO 27002:2022, the number of controls has decreased from 114 to 93. These controls are then categorised into four themes: People, Organisational, Technological and Physical.
24 existing controls have been merged, 58 updated and there are now 11 new controls to reflect the current cyber security landscape. These include:
Ensure your organisation is ready to move to ISO 27001:2022 with the help of an ISO 27002 Controls Gap Analysis:
Our team of certified and experienced consultants help organisations of all sizes monitor and manage their information security. We understand that each organisation has unique processes and procedures, so we’ll work with you to understand your ISMS and provide appropriate advice on how you can easily address any areas of non-conformity.
We also offer additional solutions such as penetration testing, 24/7 security monitoring and assistance with other compliance engagements such as the GDPR and Cyber Essentials.
ISO 27001 compliance has helped us improve our security investment and build credibility with our global client base, as well as enabled us to successfully win UK Government procurement contracts. Bulletproof made the whole process easy and effortless from start to finish, strengthening our information security and improving our position in the industry.
ISO 27002 is the set of technical controls which is referenced in Annex A of ISO 27001. It explains each of the controls in more detail and provides information on what the control is, what the objective of the control is and how to implement it. Consider it as the user manual for the controls.
Not yet, but you will eventually. Once the new version of ISO 27001 comes out (which is expected in the autumn of 2022) this will reference the new ISO 27002:2022 controls. It is widely expected that organisations will have two years from the date of the publication of the new ISO 27001:2022 to achieve certification against the new standard, however this is yet to be confirmed.
There are 93 controls in 27002:2022, in comparison to the 114 controls in 27002:2013. In 27002:2013, controls were broken into 14 control sets. With 27002:2022, the structure has been changed to group the controls by four themes: People (8 controls), Organisational (37 controls), Technological (34 controls) and Physical (14 controls).
ISO 27002:2022 has also introduced 11 new controls which cover:
24 controls have been merged from two, three, or more controls from the 2013 version, thus reducing the number of overall controls in the 2022 version.