The International Accreditation Forum (IAF) published the new and improved ISO/IEC 27001:2022 in October 2022.
The international standard ISO 27001 has been revised and received important improvements. In October 2022, the International Accreditation Forum (IAF) published the new and improved ISO/IEC 27001:2022, which replaces the previous version, ISO 27001:2013. This article presents the most important changes, special features and challenges associated with the 2022 version of ISO 27001.
Following the revision, the current ISO 27001:2022 no longer bears the name "Information technology - Security techniques - Information security management systems - Requirements", but has been changed to "Information security, cybersecurity and privacy protection - Information security management systems - Requirements". In the process, "privacy protection" has now been officially included in the title of the standard.
The structure has been summarized in four key areas (Organizational, Human, Physical and Technological) instead of 14 in the previous edition.
The number of controls listed has been reduced from 114 to 93.
Some controls have been merged, some have been removed, new ones have been introduced and others have been updated.
Each measure in was additionally categorized into five different attributes:
Overview of changes from version 2017 to 2022
Although the changes are significant, this does not mean that we have to completely revisit the topic of information security or make major changes to an existing information security management system (ISMS). Instead, they merely reflect long overdue adjustments to the increasing understanding of information security.