October 2022

ISO/IEC 27001:2022 Published on 25 October

On 25 October 2022, the International Organization for Standardization published the latest version of ISO 27001 and updated its title to ‘Information security, cybersecurity and privacy protection — Information security management systems — Requirements’. In line with its title, this latest version of ISO 27001 reflects a broader context and that preventing, detecting and responding to cyberattacks is now considered, as well as protecting information and data.

The 2022 version of the Standard provides the updated requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of your organisation.

What are the key changes?

The major change to the Standard has been the incorporation of the control set from ISO 27002:2022 into Annex A of ISO 27001:2022. Naturally, threats change over time and the new Annex A controls reflect some of the threats that have emerged since the 2013 version was published, e.g., the increasing range of cyber-related threats and moves towards home and remote working.

There have also been a number of changes to the management system clauses, with the goal of making some of the requirements more explicit and improving the alignment (structure, terms and definitions) with other Annex SL standards, such as ISO 9001 and ISO 22301.

How URM can help

URM is ideally placed to help organisations certify against the updated Standard. Should you already be certified to ISO 27001:2013, we can provide you with the following practical support to help you quickly and seamlessly transition to the 2022 version of the Standard:

Consultancy services where we will work with you in a bespoke manner to prepare for, and successfully transition to, the 2022 version of the Standard
1-day ISO 27002:2022 Control Migration and our 2-day ISO 27001:2022 Transition training courses
Automated risk assessment tool Abriska, which has been updated with the new control set (see webinar 2 November)

Not certified?

If you are not certified, now has never been a better time to develop an information security management system and achieve certification. If you would like to understand more about the benefits and what’s involved in implementing ISO 27001, please register your interest here and we will be in touch.

URM holds free seminars and webinars for end-user organisations focusing on information security.

Find out more

Latest BLog

Governance, Risk Management and Compliance

Information Security

PCI DSS

PCI DSS v4.0: Forced Password Changes and Zero Trust Architecture

Latest update:

3 May

2024

URM’s blog drills down into the PCI DSS v4.0 requirements around forced password changes, with a particular focus on the addition of zero-trust architecture.

Information Security

updateD:

3/5/2024

PCI DSS v4.0: Network Security Controls

URM’s blog explains the wording changes in Requirement of the PCI DSS v4.0, offering advice on how organisations can select and use the most appropriate NSCs.

Information Security

updateD:

22/4/2024

Planning Your ISO 27001 Audit Programme

URM’s blog drills down into ISO 27001 audits, offering advice on how to effectively develop and implement an ISO 27001 conformant audit programme.

Data Protection

updateD:

12/4/2024

Data Protection Considerations for Artificial Intelligence (AI)

URM’s blog discusses the data protection considerations for utilising AI technologies, and how organisations can stay GDPR compliant in their use of AI.

URM were super helpful and knowledgeable, talking and walking me through each one of the tests and providing some useful information on security and how to improve things in the future.

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.