Virtual Classroom Training

Including Remote Audits

+44 (0)121 779 3337

The new ISO/IEC 27001:2022 standard

The new ISOIEC 270012022 standard

The global digital landscape is changing. New business practices, such as remote working, “bring your own device” and Industry 4.0 to name a few, have become widespread, and core business practices are increasingly cloud-based and digitally reliant.

In response, the ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Controls for Information Security standards have been updated to reflect this evolution.

These updates provide more robust controls, enabling your organization to address increasingly sophisticated security risks, ensure business continuity, and gain a competitive advantage. Understanding these changes and their impact on your organization as soon as possible will ensure your information remains protected, and that you continue to maximize your competitive edge.

Watch the ISO/IEC 27001:2022 video to understand the changes

Changes to the ISO 27001 standard

There are editorial changes, including:

  • “International standard” replaced with “document” throughout
  • Re-arranging of some English phrases to allow for easier translation

There are also changes to align with the ISO harmonized approach:

  • Numbering re-structure
  • Requirement to define processes needed for implementing the ISMS and their interactions
  • Explicit requirement to communicate organizational roles relevant to information security within in the organization
  • New clause 6.3 – Planning of Changes
  • New requirement to ensure the organization determines how to communicate as part of clause 7.4
  • New requirements to establish criteria for operational processes and implementing control of the processes

Key changes in this revision come in Annex A, reflecting the changes made in ISO/IEC 27002:2022. These changes are:

  • The structure has been consolidated into four key areas
    Organizational, People, Physical and Technological instead of 14 in the previous edition
  • Controls listed have decreased from 114 to 93
    Some controls have been merged, some have been removed, new ones have been introduced, and others updated
  • The concept of attributes has been introduced
    Aligned with common terminology used within digital security, these five attributes are: Control type, Information security properties, Cybersecurity concepts, Operational capabilities, and Security domains
By completing the transition and adopting the ISO/IEC 27001:2022 standard, you strengthen your organization’s information security posture, support your digitization strategy, reduce the risks of information breaches, build trust in your brand, and build your organization’s information resilience. Contact Temple QMS today for support with the updates and implementation.
Facebook
Twitter
LinkedIn

Related Posts