The new version of the ISO/IEC 27001 information security management system standard

ISO/IEC 27001 is an information security management system standard that sets universal best practices for creating and maintaining an information security management system (ISMS).

The ISO 27001 standard helps organizations protect the confidentiality, integrity and availability of their information. Those three elements form the basis of good information security. ISO/IEC 27001 helps protect information in any form, but cybersecurity — which protects digital information — plays a major role.

Like other ISO management system standards, the requirements of ISO/IEC 27001 are designed to shape an organization's business processes. Because of the technical nature of information security, however, this standard also includes specific security controls that organizations must follow. ISO/IEC 27001 lists these controls in Annex A, but Annex A does not describe them in detail.

The details are given in ISO/IEC 27002, Security Techniques, Code of Practice for Information Security Controls. This standard covers the complete set of security controls listed in Annex A of ISO/IEC 27001 and serves as documented guidance, explaining how to implement the controls referred to in the ISO/IEC 27001 certification standard.

The transition period to the new version of ISO/IEC 27001:2022 lasts 36 months, i.e. until October 2025.

The main changes in the revision of ISO 27001:2022 are:

1. The main part of ISO 27001, i.e. clauses 4 to 10, has been changed only slightly.
2. Changes to the Annex A security controls are moderate.
3. The number of controls was reduced from 114 to 93.
4. The controls are placed in 4 sections, instead of the previous 14.
5. There are 11 new controls, while no controls have been deleted, and many controls have been merged.

Read more information about ISO/IEC 27001:2022 on the official website of the ISO organization.
