The most popular international information security management system standard ISO/IEC 27001 has been revised.
ISO/IEC 27001:2022 Information security management systems requirements is the primary of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago. This standard gives you the tools you need to mitigate the risks of breaches and cybercrime by implementing a robust information security management system (ISMS). Its adoption can help to promote trust in your business, provide opportunities to train your staff, lead to more productive ways of working and result in better customer experiences.
What are the key changes to ISO/IEC 27001?
Activated by the revision of ISO/IEC 27002:2022 Information security controls in February 2022, ISO/IEC 27001 has been revised to bring its guidance up to date with the current technological landscape. There are no major technical changes in this latest version of the standard, the amendment introduces several key benefits. These include:
- Reinforced resilience – the guidance of ISO/IEC 27001 continues to be under a process of constant evolution. This latest iteration of the standard has the up-to-date consensus of industry experts to ensure that its guidance remains as effective as ever in keeping your information assets resilient against today’s risks.
- A catalyst for conformance – some editorial changes have been made in ISO/IEC 27001 to fix text that is out of line with the latest version of the ISO/IEC Directives Part 1, 2022. This change ensures the conformance of ISO/IEC 27001 on a global level.
- Continuous control – the guidance in ISO/IEC 27001 has been realigned to the updated content in ISO/IEC 27002:2022 Information security controls, including a revision to Annex A. This change to the specifications in ISO/IEC 27001 ensures your ISMS is operating to up-to-date control management best practices. It gives you continuous protection of your assets by making your security controls relevant to the current technology landscape and threats, reducing the risk of a cyber breach occurring, and making your processes more robust.
- Effective implementation – there has been a reordering of clauses in ISO/IEC 27001 to ensure alignment with the harmonized structure for management system standards. This change ensures that ISO/IEC 27001:2022 continues to fit the high-level structure used in all management system standards (e.g. ISO 9001, ISO 14001, etc.). This has been put in place to help organisations that are implementing more than one management system standard at a time, achieve effective adoption of these processes.
Transition
Organisations who have implemented ISO/IEC 27001:2013 will need to conform with the newly published 2022 revision, as the previous version will be withdrawn after a short transition period.
Back to Blog