ISO 27001 vs ISO 27002: what the distinction actually means for your audit evidence | Vulnox Blog