After nine years, updates have been made to ISO 27001, which governs information security and privacy protection. In this blog, we will discuss what is new for <a href="https://www.iso.org/isoiec-27001-information-security.html">ISO 27001</a> in 2022, and give some context into the standard as a whole.
<h4>What is ISO 27001?</h4>
First published in 1999 under the title BS 7799-2, this standard has been revised several times. It is the world’s most well-known standard for Information Security Management Systems (ISMS). The ISO 27000 family also includes supporting standards that promote the security of a variety of assets, including intellectual property, financial information, and third-party data.
<h4>What Has Changed in 2022?</h4>
So, what has changed in the 2022 revision of ISO 27001? Firstly, the requirements for establishing criteria for processes, and for implementing controls over those processes, have been updated. Similar changes have been made to management review inputs, with changes in the needs and expectations of interested parties now recorded. Furthermore, a range of new security controls have been added, including threat intelligence, information deletion, and data leakage prevention. Overall, small changes have been made to the management system requirements, and more widespread changes to the Annex A controls.
<h4>What Does This Mean for Certification?</h4>
The updated standard represents a deadline for companies seeking to gain or maintain their ISO 27001 certification. Certification against the 2013 revision is only possible until October 31st 2023, so for those who are in the process or just beginning it, the choice between the 2013 and 2022 revisions (the latter valid from October 25 2022) remains. However, all companies certified against the 2013 revision must transition to the 2022 revision by October 31st 2025.
To hear more about the updates to ISO 27001, and discuss how Mark1 can help you make the transition, you can contact us <a href="https://mark1systems.com/get-in-touch/">here</a>.