What Are The Changes to ISO 27001

ISO 27001 is an internationally accepted information security standard that helps companies protect their crucial data and comply with data protection guidelines. Since it was first published in 2005, it has been updated several times.

The information security management system standard ISO 27001:2013 and its code of practice ISO 27002 were recently updated to ISO 27001:2022 and ISO 27002:2022.

Let’s take a look at some of the changes in the 2022 update:

Name Change

The information security standard was renamed ISO 27001:2022. In addition, the “code of practice” has been dropped and replaced by ISO 27002:2022, which covers privacy and security requirements.

Number of Controls

The number of controls in the ISO 27000 series has decreased from 114 to 93. Several controls have been merged, and others have been deleted because they duplicated existing ones. Merging related controls gives better alignment between them. In addition, there are 11 new controls, namely:

  • Secure coding
  • Web filtering
  • Monitoring activities
  • Information deletion
  • ICT readiness for business continuity
  • Configuration management
  • Data leakage prevention
  • Threat intelligence
  • Data masking
  • Physical security monitoring
  • Information security for the use of cloud services

Replacement or Removal of Some Terms

Terms like “control objectives” and “code of practice” have been eliminated.

Greater Attention to Cyber Risks

Cyber risks receive more emphasis in ISO 27001:2022, and companies may have to put more effort into protecting their systems and networks from cyberattacks.

Update of Clause 6.1.2 d

The wording of this clause has been revised to make its guidance clearer.

In a nutshell, the 2022 version is more precise and relevant and keeps pace with current information security technologies. The changes will make it easier for companies to improve their information security management systems.

What Does it Mean for Companies?

If your organisation holds a certification against the previous version of ISO 27001, you must ensure it complies with the revised version. The good news is that these changes are not significant, so companies can implement them without difficulty. If your organisation is already certified, you also have a two-year transition period to become certified against ISO 27001:2022.

Benefits of ISO 27001 Certification

Attaining ISO 27001 certification comes with numerous benefits, including:

  • Organisations can comply with the latest data protection regulations and laws, particularly in jurisdictions where the standard is accepted.
  • Businesses can enhance their operations by adopting risk management practices.
  • ISO 27001 certification shows that your organisation takes the security of its information security management system (ISMS) seriously.
  • Organisations that adopt the IT risk assessment and other practices outlined in ISO 27001 reduce their IT expenses.
  • ISO 27001 gives your organisation a competitive edge over similar businesses in the same industry.

How Next Practice Can Help Your Business

Are you looking to get your organisation certified under the ISO 27001 guidelines? Next Practice can offer the training and assessment you need to get ISO certified. Contact us today to discover more about our ISO 27001 certification process.