{"id":192877,"date":"2026-06-19T13:59:36","date_gmt":"2026-06-19T11:59:36","guid":{"rendered":"https:\/\/factorialhr.com\/blog\/?p=192877"},"modified":"2026-06-19T14:26:24","modified_gmt":"2026-06-19T12:26:24","slug":"iso-27001-vs-iso-27002","status":"publish","type":"post","link":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/","title":{"rendered":"ISO 27001 vs. ISO 27002: What&#8217;s the Difference?"},"content":{"rendered":"<p>If your company is dipping its toes into information security for the first time, you&#8217;ve almost certainly come across the <strong>ISO 27001<\/strong> standard. And right alongside it, you&#8217;ve probably bumped into another standard with a suspiciously similar name: <strong>ISO 27002<\/strong>. Are they the same thing? Does one replace the other? Do you need to implement both?<\/p>\n<p>The confusion makes sense. Both belong to the same ISO\/IEC 27000 family, they share the same broad goal\u2014protecting an organization&#8217;s information\u2014and their controls even use the same numbering. But they aren&#8217;t equivalent or interchangeable, and each plays a distinct role within an Information Security Management System (ISMS).<\/p>\n<p>In this article, we&#8217;ll walk through <strong>what each one is, how they differ, and how they fit together<\/strong>, so you know exactly what role each standard plays in your compliance strategy.<\/p>\n<h2>What is ISO 27001?<\/h2>\n<p><a href=\"https:\/\/factorialhr.com\/blog\/iso-27001\/\">ISO 27001<\/a> (officially ISO\/IEC 27001) is the international standard that sets the requirements for building, maintaining, and improving an <strong>Information Security Management System (ISMS)<\/strong>. Its first version dates back to 2005, and the latest update landed in October 2022. It&#8217;s the most widely recognized reference in the field, with a presence in more than 150 countries.<\/p>\n<p>What really sets it apart from the other standards in the family is that it&#8217;s certifiable. Any organization, regardless of size or industry, can go through an external audit performed by an accredited body and <strong>earn an official certificate with international validity<\/strong>. That certificate is good for three years, with annual surveillance audits along the way.<\/p>\n<p>The standard is split into two parts. On one side are the <strong>mandatory clauses<\/strong> (4 through 10), which define how to build and run the ISMS. On the other is <strong>Annex A<\/strong>, which lists 93 security controls grouped into four categories. You don&#8217;t have to apply all of these controls\u2014each organization documents which ones apply and which don&#8217;t in its Statement of Applicability (SoA).<\/p>\n<p>It&#8217;s also the usual jumping-off point for tackling other frameworks like <strong>SOC 2<\/strong>, <strong>HIPAA<\/strong>, or state privacy laws such as the CCPA, since it shares a good chunk of the same risk management and security principles.<\/p>\n<h3>ISO 27001 key takeaways<\/h3>\n<ul>\n<li>It&#8217;s the <strong>international standard<\/strong> for Information Security Management Systems (ISMS).<\/li>\n<li>A standard you can certify against through an accredited body, <strong>valid for three years with annual surveillance audits<\/strong>.<\/li>\n<li>It follows a common <strong>high-level structure (HLS)<\/strong>, making it compatible with other ISO standards like 9001 and 14001.<\/li>\n<li>It includes <strong>93 controls<\/strong> in Annex A, organized into <strong>four categories<\/strong> (organizational, people, physical, and technological).<\/li>\n<li>It defines the <strong>management requirements<\/strong>\u2014in other words, what the organization needs to do to keep its ISMS running.<\/li>\n<li>It works as a common <strong>starting point<\/strong> for meeting frameworks like SOC 2 and HIPAA.<\/li>\n<\/ul>\n<h2>What is ISO 27002?<\/h2>\n<p>ISO 27002 (officially ISO\/IEC 27002) is the best-practices guide that spells out <strong>how to implement the security controls<\/strong> referenced in Annex A of ISO 27001. Its latest version, published in February 2022, completely reorganized the catalog, going from the previous 114 controls down to today&#8217;s 93, spread across four categories.<\/p>\n<p>Unlike 27001, <strong>it isn&#8217;t a certifiable standard<\/strong>. It doesn&#8217;t set auditable requirements and can&#8217;t serve as the basis for an official certificate. Its role is complementary: it&#8217;s a technical reference document that gives organizations a detailed description of each control, with guidance on its purpose, design, and implementation.<\/p>\n<p>If ISO 27001 tells you which controls your organization should consider, <strong>ISO 27002 explains how to put them into practice<\/strong>. A control that 27001 sums up in a single sentence gets a full page in 27002, complete with examples, recommendations, and usage considerations. It&#8217;s the go-to resource for any security lead who&#8217;s rolling out or revisiting an ISMS.<\/p>\n<h3>ISO 27002 key takeaways<\/h3>\n<ul>\n<li>It&#8217;s a <strong>best-practices guide<\/strong>, not a certifiable standard.<\/li>\n<li>Its <strong>latest version is from 2022<\/strong>, with 93 controls organized into four categories.<\/li>\n<li>It fleshes out the controls referenced in <strong>Annex A of ISO 27001<\/strong>.<\/li>\n<li>It provides <strong>practical guidance<\/strong> on the purpose and implementation of each control.<\/li>\n<li>It&#8217;s <strong>applicable to any organization<\/strong>, whatever its size or industry.<\/li>\n<li>It serves as a common <strong>technical reference<\/strong> for auditors and security leads.<\/li>\n<\/ul>\n<div class=\"factorial-banner inline-banner banner-other category-iso-27001\"\n    data-banner-id=\"192879\"\n    data-banner-type=\"other\"\n    data-category=\"ISO 27001\">\n    <div class=\"banner-content\">\n        <div class=\"banner-text\">\n                            <h4>Get ISO 27001 certified in weeks<\/h4>\n            \n                            <p>Factorial IT combines MDM, access management, and a dedicated compliance consultant to take you from zero to certified.<\/p>\n            \n                            <a href=\"https:\/\/factorialhr.com\/iso-27001\"\n                    class=\"factorial-cta-button not-prose freebie\" data-cta=\"other\" data-cta-position=\"inline-banner\">\n                    Learn more                <\/a>\n                    <\/div>\n\n        <div class=\"banner-image has-image\">\n            <img decoding=\"async\" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2026\/06\/19135845\/EN-ISO27001.png\" class=\"not-prose\" \/>\n        <\/div>\n    <\/div>\n<\/div>\n<h2>ISO 27001 vs. ISO 27002: the differences<\/h2>\n<p>Even though the two standards were updated around the same time and share the same control structure, the differences between them are significant. One sets the requirements for the management system, and the other provides the technical guide for applying those requirements. Here are the main differences between the two:<\/p>\n<table>\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><strong>Criteria<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>ISO 27001<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>ISO 27002<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Type of standard<\/strong><\/td>\n<td style=\"text-align: center;\">Requirements standard (ISMS)<\/td>\n<td style=\"text-align: center;\">Best-practices guide<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Certifiable<\/strong><\/td>\n<td style=\"text-align: center;\">Yes, through an accredited body<\/td>\n<td style=\"text-align: center;\">No<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Current version<\/strong><\/td>\n<td style=\"text-align: center;\">ISO\/IEC 27001:2022<\/td>\n<td style=\"text-align: center;\">ISO\/IEC 27002:2022<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Focus<\/strong><\/td>\n<td style=\"text-align: center;\">What to do to build an ISMS<\/td>\n<td style=\"text-align: center;\">How to implement the controls<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Structure<\/strong><\/td>\n<td style=\"text-align: center;\">Clauses 4\u201310 + Annex A<\/td>\n<td style=\"text-align: center;\">93 controls developed in detail<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Level of detail per control<\/strong><\/td>\n<td style=\"text-align: center;\">About a sentence<\/td>\n<td style=\"text-align: center;\">A full page<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Required documentation<\/strong><\/td>\n<td style=\"text-align: center;\">Yes (SoA, policy, risk assessment)<\/td>\n<td style=\"text-align: center;\">No documentation required<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Audit<\/strong><\/td>\n<td style=\"text-align: center;\">Yes, the basis for certification<\/td>\n<td style=\"text-align: center;\">Technical reference for the auditor<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Applicability<\/strong><\/td>\n<td style=\"text-align: center;\">Any organization<\/td>\n<td style=\"text-align: center;\">Any organization<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><strong>Role within the ISMS<\/strong><\/td>\n<td style=\"text-align: center;\">Defines the management framework<\/td>\n<td style=\"text-align: center;\">Supports implementing the framework<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>When should you use ISO 27001 vs. ISO 27002?<\/h2>\n<p>The question is a little misleading, because in practice <strong>you almost never pick one and toss out the other<\/strong>. The two standards work in tandem: ISO 27001 defines the ISMS framework, and ISO 27002 explains how to apply each of its controls.<\/p>\n<p>You can see this right down to the details. Control A.5.15 in ISO 27001 shows up in Annex A simply as <em>&#8220;Access control.&#8221;<\/em> ISO 27002 devotes several pages to that same control\u2014what it&#8217;s for, how to define access rules, which best practices to follow, and how to review it. One says the control needs to exist; the other explains how to build it. The 2022 update reinforced this relationship even further, since both standards aligned their structure and now share the same control numbering.<\/p>\n<p>That said, there are scenarios where it makes sense to lean on one standard more than the other.<\/p>\n<p>If your goal is to <strong>get certified for a client, an RFP, or a regulator<\/strong>, ISO 27001 is your only valid option. 27002 doesn&#8217;t allow for official certification and is used purely as a supporting technical reference. The same goes if you&#8217;re prepping for <strong>SOC 2<\/strong> or a similar framework, since those lean heavily on the ISMS structure that 27001 defines.<\/p>\n<p>If what you need is to <strong>document internal controls without going through an external audit<\/strong>, or you&#8217;re training technical teams and putting together reference material, ISO 27002 tends to be more useful. Its level of detail per control is a better fit than the more abstract language of 27001.<\/p>\n<p>And if you work as a <strong>consultant or auditor<\/strong>, the natural move is to keep both on hand. 27001 tells you what to assess; 27002 guides you on how each control should actually be implemented in practice.<\/p>\n<h2>How does Factorial IT help with ISO 27001 and ISO 27002?<\/h2>\n<p>From a single platform, <a href=\"https:\/\/factorialhr.com\/factorial-it\">Factorial IT<\/a> covers several of the <strong>Annex A controls in ISO 27001 that ISO 27002 develops in detail<\/strong>\u2014mainly the ones tied to identities, devices, SaaS access, antivirus, and employees. The evidence any auditor asks for on these controls is generated automatically through day-to-day operations, so there&#8217;s nothing to scramble to rebuild the night before the audit. Here are the six areas the platform covers.<\/p>\n<p><!-- IMAGE TO RE-UPLOAD on the US instance: \"Factorial IT platform\" visual (source: factorial.es CDN) --><\/p>\n<ul>\n<li><strong>IT asset inventory:<\/strong> an automatic catalog of the company&#8217;s devices, software, and access, always up to date and exportable for audits.<\/li>\n<li><strong>Access management:<\/strong> centralized management of access to SaaS tools, with permissions automatically granted and revoked based on the employee&#8217;s role.<\/li>\n<li><strong>Device security:<\/strong> encryption, passwords, and lock screens applied automatically on every machine. Compatible with Mac, iOS, Windows, and Linux.<\/li>\n<li><strong>Secure offboarding:<\/strong> when a departure is logged in HR, all of the employee&#8217;s access is shut down with no manual work and no leftover accounts.<\/li>\n<li><strong>Malware protection:<\/strong> advanced antivirus deployed on every device, with detection for malware, ransomware, and zero-day threats.<\/li>\n<li><strong>Audit evidence:<\/strong> compliance logs and reports generated automatically, ready to export and hand to your auditor at any time.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>If your company is dipping its toes into information security for the first time, you&#8217;ve almost certainly come across the ISO 27001 standard. And right alongside it, you&#8217;ve probably bumped into another standard with a suspiciously similar name: ISO 27002. Are they the same thing? Does one replace the other? Do you need to implement<a href=\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/\" class=\"read-more\"> [&#8230;]<\/a><\/p>\n","protected":false},"author":352,"featured_media":192884,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1096],"tags":[],"class_list":["post-192877","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iso-27001-2"],"acf":{"topics":"factorial-it"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.9.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ISO 27001 vs. ISO 27002: What&#039;s the Difference? | Factorial<\/title>\n<meta name=\"description\" content=\"Not sure how ISO 27001 and ISO 27002 differ? We break down everything you need to know so you can tell exactly what each standard does.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 27001 vs. ISO 27002: What&#039;s the Difference?\" \/>\n<meta property=\"og:description\" content=\"Not sure how ISO 27001 and ISO 27002 differ? We break down everything you need to know so you can tell exactly what each standard does.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/\" \/>\n<meta property=\"og:site_name\" content=\"Factorial\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-19T11:59:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-19T12:26:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2026\/06\/19135901\/iso-27001-vs-iso-27002-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"976\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Enrique Quiroga\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@factorialapp\" \/>\n<meta name=\"twitter:site\" content=\"@factorialapp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Enrique Quiroga\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/\"},\"author\":{\"name\":\"Enrique Quiroga\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014\"},\"headline\":\"ISO 27001 vs. ISO 27002: What&#8217;s the Difference?\",\"datePublished\":\"2026-06-19T11:59:36+00:00\",\"dateModified\":\"2026-06-19T12:26:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/\"},\"wordCount\":1323,\"publisher\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\"},\"articleSection\":[\"ISO 27001\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/\",\"url\":\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/\",\"name\":\"ISO 27001 vs. ISO 27002: What's the Difference? | Factorial\",\"isPartOf\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#website\"},\"datePublished\":\"2026-06-19T11:59:36+00:00\",\"dateModified\":\"2026-06-19T12:26:24+00:00\",\"description\":\"Not sure how ISO 27001 and ISO 27002 differ? We break down everything you need to know so you can tell exactly what each standard does.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#website\",\"url\":\"https:\/\/factorialhr.com\/blog\/\",\"name\":\"Factorial\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/factorialhr.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\",\"name\":\"All-in-one business management software - Factorial\",\"url\":\"https:\/\/factorialhr.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png\",\"contentUrl\":\"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png\",\"width\":946,\"height\":880,\"caption\":\"All-in-one business management software - Factorial\"},\"image\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/\",\"https:\/\/twitter.com\/factorialapp\",\"https:\/\/www.linkedin.com\/company\/factorialhr\",\"https:\/\/www.youtube.com\/@factorialmedia\",\"https:\/\/www.instagram.com\/factorial\/#\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014\",\"name\":\"Enrique Quiroga\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g\",\"caption\":\"Enrique Quiroga\"},\"url\":\"https:\/\/factorialhr.com\/blog\/author\/enrique-quiroga\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"ISO 27001 vs. ISO 27002: What's the Difference? | Factorial","description":"Not sure how ISO 27001 and ISO 27002 differ? We break down everything you need to know so you can tell exactly what each standard does.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/","og_locale":"en_US","og_type":"article","og_title":"ISO 27001 vs. ISO 27002: What's the Difference?","og_description":"Not sure how ISO 27001 and ISO 27002 differ? We break down everything you need to know so you can tell exactly what each standard does.","og_url":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/","og_site_name":"Factorial","article_publisher":"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/","article_published_time":"2026-06-19T11:59:36+00:00","article_modified_time":"2026-06-19T12:26:24+00:00","og_image":[{"width":1800,"height":976,"url":"https:\/\/factorialhr.com\/wp-content\/uploads\/2026\/06\/19135901\/iso-27001-vs-iso-27002-1.png","type":"image\/png"}],"author":"Enrique Quiroga","twitter_card":"summary_large_image","twitter_creator":"@factorialapp","twitter_site":"@factorialapp","twitter_misc":{"Written by":"Enrique Quiroga","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/#article","isPartOf":{"@id":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/"},"author":{"name":"Enrique Quiroga","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014"},"headline":"ISO 27001 vs. ISO 27002: What&#8217;s the Difference?","datePublished":"2026-06-19T11:59:36+00:00","dateModified":"2026-06-19T12:26:24+00:00","mainEntityOfPage":{"@id":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/"},"wordCount":1323,"publisher":{"@id":"https:\/\/factorialhr.com\/blog\/#organization"},"articleSection":["ISO 27001"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/","url":"https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/","name":"ISO 27001 vs. ISO 27002: What's the Difference? | Factorial","isPartOf":{"@id":"https:\/\/factorialhr.com\/blog\/#website"},"datePublished":"2026-06-19T11:59:36+00:00","dateModified":"2026-06-19T12:26:24+00:00","description":"Not sure how ISO 27001 and ISO 27002 differ? We break down everything you need to know so you can tell exactly what each standard does.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/factorialhr.com\/blog\/iso-27001-vs-iso-27002\/"]}]},{"@type":"WebSite","@id":"https:\/\/factorialhr.com\/blog\/#website","url":"https:\/\/factorialhr.com\/blog\/","name":"Factorial","description":"","publisher":{"@id":"https:\/\/factorialhr.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/factorialhr.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/factorialhr.com\/blog\/#organization","name":"All-in-one business management software - Factorial","url":"https:\/\/factorialhr.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png","contentUrl":"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png","width":946,"height":880,"caption":"All-in-one business management software - Factorial"},"image":{"@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/","https:\/\/twitter.com\/factorialapp","https:\/\/www.linkedin.com\/company\/factorialhr","https:\/\/www.youtube.com\/@factorialmedia","https:\/\/www.instagram.com\/factorial\/#"]},{"@type":"Person","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014","name":"Enrique Quiroga","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g","caption":"Enrique Quiroga"},"url":"https:\/\/factorialhr.com\/blog\/author\/enrique-quiroga\/"}]}},"_links":{"self":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/192877"}],"collection":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/users\/352"}],"replies":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/comments?post=192877"}],"version-history":[{"count":3,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/192877\/revisions"}],"predecessor-version":[{"id":192903,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/192877\/revisions\/192903"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/media\/192884"}],"wp:attachment":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/media?parent=192877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/categories?post=192877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/tags?post=192877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}