Everything you need to know about the new updates to the ISO 27001:2022 Standard

The structure of ISO 27001 has been updated after almost a decade. Although there are no major changes, it’s important you know what modifications have been made to the standard. To help you out, we have put together a guide with everything you need to know about the updates and what this means for your company.

What Is ISO 27001?

ISO 27001 is the international standard that outlines best practices for an Information Security Management System (ISMS). Certification demonstrates a business’s commitment to the security and proper management of its information and data.

Created in response to growing concerns about cyber-attacks and data breaches, ISO 27001 structures how businesses should manage risk associated with information security threats — including policies, procedures, and staff training.

Because it is a globally recognised standard, certification can lead to enhanced business opportunities through an organisation’s ability to evidence the proper safeguarding of its information.

What are the main changes to the standard?  

The main changes to the standard are editorial changes, ISO Harmonized approach alignment changes and changes to Annex A.

We have explained the changes in a little more detail below:

Editorial Changes:

  • The words “International standard” have been replaced with “document” throughout.
  • Some of the English phrases have been re-arranged so that they translate more easily.

ISO Harmonized approach alignment changes:

  • Numbering has been restructured.
  • The explicit requirement to communicate organizational roles relevant to information security within the organization.
  • Requirements to define processes needed for implementing the ISMS and their interactions.
  • A new clause has been introduced – 6.3: Planning of Changes.
  • New requirements have been added to ensure the organization determines how to communicate as part of clause 7.4.
  • New requirements to establish criteria for operational processes and implementing control of the processes have been included.

Annex-A Changes:

Key changes in this revision come in Annex A, reflecting the changes made in ISO/IEC 27002:2022. These changes are:

  • The structure has been consolidated into 4 key areas: Organizational, People, Physical and Technological. This is instead of 14 in the previous edition.
  • The controls listed have decreased from 114 to 93.
  • Some controls have been merged, some have been removed, new ones have been introduced, and others have been updated.
  • The concept of attributes has been introduced.
  • Aligned with the common terminology used within digital security, these five attributes are Control type, Information Security Properties, Cybersecurity Concepts, Operational Capabilities, and Security Domains.

How will the 2022 changes affect my current ISO 27001 Certificate?

Good news. The new updates do not impact your existing certification against the ISO 27001 standard. You will be given a transition period so that you can move over efficiently to the new version of the certification.

Making your transition to the updated ISO 27001 smoother!

Synergos are here to support you, from helping you understand the changes to ISO 27001, to checking the impact on your organisation, implementing them, and finally transitioning your certification.

Lucy Eccles
Digital Marketing Executive