The internationally recognized standard ISO/IEC 27001, which aims to protect the confidentiality, availability, and integrity of organizations’ information assets, has been updated, and a new, more pertinent edition was released on October 25, 2022. The revision responds to the new and evolving security challenges the world currently faces.
The ISO/IEC 27001:2022 standard has undergone several significant new modifications, including a significant change to Annex A, minor updates to the clauses, and a change to the standard’s name. The most recent version of ISO/IEC 27002 was released at the start of 2022, and its most recent revisions also had an effect on ISO/IEC 27001. The full title of the new edition, which differs from ISO/IEC 27001:2013, is ISO/IEC 27001:2022 Information Security, Cyber security, and Privacy Protection.
The new standard has added new requirements in the clauses, such as:
In addition to the new requirements, clauses 10.1 and 10.2 are swapped in the new version of the standard.
The Annex A security controls of the new standard have been updated so that the controls are grouped into 4 categories:
In the new standard, there are 23 renamed controls, 57 merged controls, 1 split control and 11 new controls. The controls that have not changed are 35 in total. Previously, the standard had 114 controls divided into 14 sections; now the standard has a total of 93 controls divided into 4 sections. The controls added in the newer version are as follows:
There is plenty of time to make the necessary modifications because certified organizations have a three-year transition period to update their management system in order to comply with the new edition of ISO 27001. It is worth examining whether you need to switch earlier, because some certification bodies might stop granting certification to the 2013 revision of the standard before that period ends. If you are scheduled to renew your certification during the transition period, you should not wait until the last minute to fulfil your new duties, since this could compromise your adoption of the new control set.
Implementing the new controls has the benefit of making it simpler to focus your selections because they are distinguishable by attribute. This may help you see how to better integrate your security processes or lessen the compliance burden, which will make it simpler to implement and manage your ISMS.
The information security management system (ISMS) framework is described in ISO 27001, and it applies to all businesses, regardless of organizational structure, size, or viewpoint. Risk management is key in this situation. Evolving cyber threats continually take advantage of new potential weaknesses in organizations in order to target and compromise information flows, and therefore business operations. It is important to identify and manage the threats these attacks pose to confidentiality, integrity, and availability, the three fundamental protection objectives in information security.
The ISO/IEC 27001:2022 update offers the best management techniques for these information security issues. The revised ISO/IEC 27002:2022 guidance served as the basis for the list of potential information security controls in the normative Annex A of the new ISO/IEC 27001:2022 standard. The implementation guidelines, which have a more straightforward taxonomy and modern security controls, were already adopted in February of this year. The successful ISO standard tandem 27001/27002 and its useful recommended measures are once again state-of-the-art with the publication of the new ISO/IEC 27001:2022.