The latest version of the standard, ISO/IEC 27001:2022, was released on October 25 and replaces the 2013 edition, ISO/IEC 27001:2013. Let’s look at what the key changes are and how this revision of the ISO standard affects businesses.
ISO 27001 is a framework for an information security management system (ISMS) that can be used by companies of any size or type. The key focus of this framework is managing risks related to information security. As cyber threats evolve and seek out new vulnerabilities in companies, it is important to identify and manage the risks to the confidentiality, integrity, and availability of information.
The updated ISO/IEC 27001:2022 provides best practices for managing these risks. The list of information security controls in the normative Annex A of the new ISO/IEC 27001:2022 is derived from the revised ISO/IEC 27002:2022 guidance.
The implementation guidance for the new standard was adopted earlier this year and features a simpler taxonomy and updated security controls. With the publication of ISO/IEC 27001:2022, the successful ISO 27001/27002 tandem is once again a state-of-the-art solution for managing information security risks.
One of the important changes in the new ISO/IEC 27001:2022 is the adoption of the 'Harmonized Structure', which places a greater emphasis on process orientation in an effective ISMS. This structure recognizes that effective management systems are built on clear processes, the interactions between them, and well-defined criteria for controlling those processes. By incorporating this process-oriented approach, the new standard is better able to support the implementation of an effective information security management system.
Below is a summary of some of the key changes in ISO 27001:2022.
There are a few editorial changes to improve the clarity and consistency of the standard, making it easier to understand and use. Two main changes are:
These changes reflect the latest best practices in information security management and are designed to improve the effectiveness and flexibility of the standard. They include:
The new ISO/IEC 27001:2022 includes several important changes to Annex A, which reflect the updates made in ISO/IEC 27002:2022. These changes include:
These changes are designed to improve the effectiveness and usability of the standard, making it easier for organizations to implement and maintain an effective information security management system.
The deadline to transition to ISO 27001:2022 is October 31, 2025. Organizations that are not yet ISO 27001 certified can still implement ISO 27001:2013 and obtain certification against it until October 31, 2023. They will then have 2 years to transition to the latest version.
6clicks has updated its content library with a new document that includes the mandatory requirements for ISO 27001:2022. The document will help in implementing the revised standard and maintaining your information security.
Looking to automate ISO 27001 implementation? Check out our solutions page: ISO 27001 compliance. The 6clicks platform helps you implement multiple standards and achieve compliance from a single, unified platform. Don’t go through manual implementation for each standard; our AI engine helps you achieve regulatory compliance without the hassle.
Read how 6clicks is the first company certified to ISO/IEC 27001:2022.