Updates to ISO 27001

The International Organisation for Standardisation periodically updates ISO 27001 and related standards to keep pace with technological developments. The latest versions of ISO 27001 and ISO 27002 were released on 25 October 2022.

ISO 27001 is a vital standard for businesses to get certified for if they are serious about information security and want to demonstrate that to their clients. The requirements in the ISO 27001 standard will protect businesses from most cyber-attacks looking to steal data. ISO 27001 goes further than the Cyber Essentials certification and covers information in all forms, whether it is digital or physical.

The proposed changes to the standards are moderate. The number of controls has decreased from 114 to 93 and they are arranged in 4 sections instead of 14 as in ISO 27002:2013.

There are 11 new controls for businesses to consider. No controls have been removed, although many have been merged to bring the overall total down.

Some of the key updates to ISO 27001:

· The main part of ISO 27001 (clauses 4 to 10) is not changing. These clauses include scope, interested parties, Information security policy, risk management, training and awareness, corrective actions, etc.

· ISO is only updating the security controls listed in ISO 27001 Annex A

· The overall number of controls has decreased from 114 to 93

· Controls are now arranged in 4 sections instead of the previous 14

· There are 11 new controls:

§ 5.7 Threat intelligence

§ 5.23 Information security for use of cloud services

§ 5.30 ICT readiness for business continuity

§ 7.4 Physical security monitoring

§ 8.9 Configuration management

§ 8.10 Information deletion

§ 8.11 Data masking

§ 8.12 Data leakage prevention

§ 8.16 Monitoring activities

§ 8.23 Web filtering

§ 8.28 Secure coding

When should ISO 27001:2022 be implemented?

The absolute deadline for implementing the changes in ISO 27001:2022 is 31 October 2025, however it will be sooner than that for many organisations, depending on your recertification timeline.

How To Prepare for ISO 27001:2022

To get your organisation ready for the change to ISO 27001:2022, OmniCyber recommends:

· Gap assessment against the new controls

· Implement the new controls

· Conduct an internal audit

· Get ready for a certification audit.

OmniCyber Security will support you through the entire process of becoming compliant with ISO 27001. Contact our expert team today to find out what the ISO 27001 changes mean for you.

Contact us..

The Risks Of Broken Authentication (and how to identify vulnerabilities)

Jennifer December 5, 2023

Authentication, the process of confirming identities, lies at the core of cybersecurity. However, when this critical system falters, it opens the door to a significant

Find Out More

NordPass Publishes The Most Common Passwords of 2023

John November 30, 2023

NordPass recently published its annual list of the top 200 most common passwords in the world, and the top 10 are all very predictable. The

Find Out More

The Road to Automotive Cybersecurity: WP.29

John November 16, 2023

In recent years, the automotive landscape has witnessed a transformative wave with the rise of connected vehicles. With an anticipated 93% of cars in the

Find Out More

Updates to ISO 27001

Some of the key updates to ISO 27001:

When should ISO 27001:2022 be implemented?

How To Prepare for ISO 27001:2022

Contact us..

Related Articles

The Risks Of Broken Authentication (and how to identify vulnerabilities)

NordPass Publishes The Most Common Passwords of 2023

The Road to Automotive Cybersecurity: WP.29

Secure every inch of your business

Services

Company