Updates to ISO 27001

The International Organisation for Standardisation periodically updates ISO 27001 and related standards to keep pace with technological developments. The latest versions of ISO 27001 and ISO 27002 were released on 25 October 2022.

ISO 27001 is a vital standard for businesses to get certified for if they are serious about information security and want to demonstrate that to their clients. The requirements in the ISO 27001 standard will protect businesses from most cyber-attacks looking to steal data. ISO 27001 goes further than the Cyber Essentials certification and covers information in all forms, whether it is digital or physical.

The proposed changes to the standards are moderate. The number of controls has decreased from 114 to 93 and they are arranged in 4 sections instead of 14 as in ISO 27002:2013.

There are 11 new controls for businesses to consider. No controls have been removed, although many have been merged to bring the overall total down.

Some of the key updates to ISO 27001:

· The main part of ISO 27001 (clauses 4 to 10) is not changing. These clauses include scope, interested parties, Information security policy, risk management, training and awareness, corrective actions, etc.

· ISO is only updating the security controls listed in ISO 27001 Annex A

· The overall number of controls has decreased from 114 to 93

· Controls are now arranged in 4 sections instead of the previous 14

· There are 11 new controls:

§ 5.7 Threat intelligence

§ 5.23 Information security for use of cloud services

§ 5.30 ICT readiness for business continuity

§ 7.4 Physical security monitoring

§ 8.9 Configuration management

§ 8.10 Information deletion

§ 8.11 Data masking

§ 8.12 Data leakage prevention

§ 8.16 Monitoring activities

§ 8.23 Web filtering

§ 8.28 Secure coding

When should ISO 27001:2022 be implemented?

The absolute deadline for implementing the changes in ISO 27001:2022 is 31 October 2025, however it will be sooner than that for many organisations, depending on your recertification timeline.

How To Prepare for ISO 27001:2022

To get your organisation ready for the change to ISO 27001:2022, OmniCyber recommends:

· Gap assessment against the new controls

· Implement the new controls

· Conduct an internal audit

· Get ready for a certification audit.

OmniCyber Security will support you through the entire process of becoming compliant with ISO 27001. Contact our expert team today to find out what the ISO 27001 changes mean for you.

Contact us..

The Biggest IT Outage In History: What Happened?

John July 19, 2024

Move over Y2K, there’s a new legendary outage in town. A broken software update has crashed Windows devices around the world, bringing airports, TV channels,

Find Out More

Understand Your Supply Chain Threats With Supplier Assurance

John July 2, 2024

Your organisation’s security extends beyond its own walls. Every organisation has suppliers. Whether they deliver products, systems, customers or services, the modern landscape of business

Find Out More

What Are the Requirements of ISO 27001?

John June 18, 2024

ISO 27001 is the internationally recognised standard for information security management systems (ISMS). It provides a robust framework that helps organisations manage their information

Find Out More

Updates to ISO 27001

Some of the key updates to ISO 27001:

When should ISO 27001:2022 be implemented?

How To Prepare for ISO 27001:2022

Contact us..

Related Articles

The Biggest IT Outage In History: What Happened?

Understand Your Supply Chain Threats With Supplier Assurance

What Are the Requirements of ISO 27001?

Secure every inch of your business

Services

Company