Imminent changes to ISO 27001: 2013

ISO 27001 – The situation explained

ISO 27001 is a widely recognised Standard for establishing, implementing, maintaining, and continually improving Information Security Management Systems (ISMS). The Standard includes requirements for the assessment and treatment of information security risks and is supplemented by Annex A, Control Objectives and Controls.

ISO 27002: 2022

Key takeaways from the revised ISO 27002: 2022 (Information Security Controls) include:

• Recognition of changes in the threat landscape, specifically with regards to cloud infrastructure
• Merging of 24 separate controls where measures complemented each other
• Implementation of 58 new or updated controls to reflect modern information systems
• An annex to map controls recommended in 2013 version to present state
  
  

What next?

Proactive organisations should update their existing ISMS’s to align with the revised ISO 27002 Standard. This will stand them in good stead in meeting the requirements of and maintaining compliance with the revised ISO27001.

Whilst there will be a transition period for implementation (possibly to late 2024), Information Security Managers and their organisations will benefit from starting their implementations early, identifying gaps to the new requirements and undertaking any necessary remedial actions. Starting their programmes earlier will also allow for a wider choice when selecting implementation partners where this may be required. Customers, partners, and suppliers will value the assurance derived from dealing with an organisation that takes its information security obligations seriously.