What do you need to know to implement or transition to ISO 27001:2022?
ISO has recently published the new ISO 27001:2022 Information Security standard to replace the 2013 version. The new changes have been implemented to reflect the ever-changing world of information security with the increasing amount of data being processed whilst we conduct business and live our lives.
Changes have been made to the standard to align it better with the harmonized structure for management system standards, i.e. Annex SL. However, more significant changes have been made in Annex A, with the regrouping of the original 14 control objectives into 4 broader themes, namely Organisation, People, Physical & Technological Controls.
A number of the original controls have been consolidated and 11 new controls added, resulting in 93 controls compared to the previous 114 controls.
The supporting ISO 27002:2022 standard now provides more guidance to help businesses implement the controls.
ISO 27002:2022 also introduces 5 control attributes:
- Control Type
- Information Security Properties
- Cybersecurity Concepts
- Operational Capabilities
- Security Domains
If you already have ISO 27001 certification, then you will have 3 years to transition to the new version.
How can ISO 27001:2022 benefit your business?
- Securing information
- Resilience against cyber attacks
- Central framework for securing information
- Organisation-wide protection
- Responsive to security threats
- Reduced costs
- Protection of Integrity, Confidentiality & Availability of data
QHSE Aberdeen can assist organisations to develop and implement the new ISO 27001:2022 Information Security Management System.
Contact us for more information