Escalating threats, innovative technology, greater connectivity and ISO/IEC 27002:2022 being published mean that ISO/IEC 27001 must evolve.
With Industry 4.0 and the Internet of Things (IoT), cyber threats have become more sophisticated and a near-daily occurrence. These attacks affect not only the targeted enterprise but also its business partners, suppliers and customers.
Organizations, individuals and nations must keep pace with the evolution of cyber threats and implement the latest protection measures to avoid data loss, lawsuits and reputational damage, among other things.
The importance of ISO/IEC 27001 certification
Adopted by tens of thousands of organizations, ISO/IEC 27001 certification demonstrates an organization’s commitment to information security and provides assurance to clients and other partners that it is serious about protecting information under its control.
The standard is technology agnostic, so it applies to whatever technology you have. It is written in such a way that any organization, from small business to large multi-billion dollar enterprise, can use it.
Evolution to meet the threats
ISO/IEC 27001 was last updated in 2013, and the cyber world and the threats to it have evolved dramatically since then. The standard is designed to be revised periodically so that it can keep pace.
February 15, 2022, was a crucial day. ISO/IEC 27002:2022 – Information Security, Cybersecurity and Privacy Protection – Information Security Controls – was published. This meant that ISO/IEC 27001 Annex A needed updating to align with ISO/IEC 27002:2022’s controls.
The main changes in ISO/IEC 27001:2022
The name is changing to reflect the standard’s true scope. It will be ISO/IEC 27001:2022 – Information Security, Cybersecurity and Privacy Protection – Information Security Management Systems – Requirements. This also aligns with ISO/IEC 27002:2022’s new title.
Other changes include renumbered clauses, new and rearranged text, and a restructured Annex A. Annex A now follows ISO/IEC 27002:2022: its controls are grouped into four themes (organizational, people, physical and technological) instead of the previous fourteen domains, the total drops from 114 controls to 93 through merging, and 11 controls are new, including threat intelligence, information security for use of cloud services, data masking, data leakage prevention, monitoring activities, web filtering and secure coding.
Support for current and new clients
If your organization is already ISO/IEC 27001 certified, the transition is largely a documentation and review exercise rather than a technology change, but it is not purely a paperwork update. You will need to revise internal policies to match the renumbered subclauses and modified requirements, repeat or review your risk assessment and risk treatment plan(s) against the restructured Annex A, and update your Statement of Applicability (SoA). Each new Annex A control must be assessed for applicability; where a new control applies and is not already in place, it will need to be implemented and evidenced before your transition audit, not merely listed.
The transition period will be three years from when ISO/IEC 27001:2022 is officially published, so you should have ample time to comply. Your ISO/IEC 27001 certificate remains valid until this period ends.
Whether you want a smooth transition or first certification to ISO/IEC 27001:2022, we have created a suite of services and materials, including transition training and guidance documents, to support current and new clients. Find out more.
For further information, please contact:
Associate Marketing Manager
m: +44 7912 426878
We are SGS – the world’s leading testing, inspection and certification company. We are recognized as the global benchmark for quality and integrity. Our 96,000 employees operate a network of 2,700 offices and laboratories, working together to enable a better, safer and more interconnected world.