There are editorial changes, including:
- “International standard” replaced with “document” throughout
- Re-arranging of some English phrases to allow for easier translation
There are also changes to align with the ISO harmonized approach:
- Numbering re-structure
- Requirement to define processes needed for implementing the ISMS and their interactions
- Explicit requirement to communicate organizational roles relevant to information security within the organization
- New clause 6.3 – Planning of Changes
- New requirement to ensure the organization determines how to communicate as part of clause 7.4
- New requirements to establish criteria for operational processes and implementing control of the processes
Key changes in this revision come in Annex A, reflecting the changes made in ISO/IEC 27002:2022. These changes are:
- The structure has been consolidated into four key areas: Organizational, People, Physical and Technological, instead of 14 in the previous edition
- The number of controls listed has decreased from 114 to 93: some controls have been merged, some have been removed, new ones have been introduced, and others updated
- The concept of attributes has been introduced. Aligned with common terminology used within digital security, these five attributes are: Control type, Information security properties, Cybersecurity concepts, Operational capabilities, and Security domains
By completing the transition and adopting the ISO/IEC 27001:2022 standard, you strengthen your organization’s information security posture, support your digitization strategy, reduce the risks of information breaches, build trust in your brand, and build your organization’s information resilience. Contact Temple QMS today for support with the updates and implementation.