Updates to ISO 27001

The International Organisation for Standardisation periodically updates ISO 27001 and related standards to keep pace with technological developments. The revised drafts of ISO 27001 and ISO 27002 are under review, pending an official release later this year.

ISO 27001 is a vital standard for businesses to get certified for if they are serious about information security and want to demonstrate that to their clients. The requirements in the ISO 27001 standard will protect businesses from most cyber-attacks looking to steal data. ISO 27001 goes further than the Cyber Essentials certification and covers information in all forms, whether it is digital or physical.

The proposed changes to the standards are moderate and their purpose is mainly to simplify the implementation of ISO 27002. The number of controls has decreased from 114 to 93 and they are arranged in 4 sections instead of 14 as in ISO 27002:2013.

There are 11 new controls for businesses to consider. No controls have been removed, although many have been merged to bring the overall total down.

Some of the key updates to ISO 27001:

· The main part of ISO 27001 (clauses 4 to 10) is not changing. These clauses include scope, interested parties, Information security policy, risk management, training and awareness, corrective actions, etc.

· ISO is only updating the security controls listed in ISO 27001 Annex A

· The overall number of controls has decreased from 114 to 93

· Controls are now arranged in 4 sections instead of the previous 14

· There are 11 new controls:

§ 5.7 Threat intelligence

§ 5.23 Information security for use of cloud services

§ 5.30 ICT readiness for business continuity

§ 7.4 Physical security monitoring

§ 8.9 Configuration management

§ 8.10 Information deletion

§ 8.11 Data masking

§ 8.12 Data leakage prevention

§ 8.16 Monitoring activities

§ 8.23 Web filtering

§ 8.28 Secure coding

The transition period for companies to implement these changes has not been officially published yet, but it will be around two years starting from the official release date of the ISO 27001:2022 update.

To get your organisation ready for the change to ISO 27001:2022, OmniCyber recommends:

· Gap assessment against the new controls

· Implement the new controls

· Conduct an internal audit

· Get ready for a certification audit.

OmniCyber Security will support you through the entire process of becoming compliant with ISO 27001. Contact our expert team today to find out what the ISO 27001 changes mean for you.

Contact us

A woman leading employees in a training session in an office.

The Importance of Security Awareness Training

John March 9, 2023

In cybersecurity, the biggest holes in an organisation’s defence are often not weak firewalls or ineffective virus scanners, but people. Major threats to security regularly

Find Out More

The Importance of Cybersecurity Compliance: ISO 27001 and PCI DSS

John February 24, 2023

Compliance with security standards such as ISO 27001 and PCI DSS is crucial for organizations that handle sensitive information. As cyber threats continue to evolve

Find Out More

Cyber Essentials Is A Must-Have For Small Businesses

John February 9, 2023

Why Cyber Essentials is a Must-Have for Small Businesses Why Cyber Essentials is a Must-Have for Small Businesses Why Cyber Essentials is a Must-Have for

Find Out More

Updates to ISO 27001

Some of the key updates to ISO 27001:

Contact us

Related Articles

The Importance of Security Awareness Training

The Importance of Cybersecurity Compliance: ISO 27001 and PCI DSS

Cyber Essentials Is A Must-Have For Small Businesses

Secure every inch of your business

Services

Company