ISO 27001:2022 Update: What’s Changed?

9 Dec, 2022

ISO 27001:2022 arrived in October but what’s changed and what do you need to do now to ensure you are compliant?

What is the current version of ISO 27001?

The newest version of ISO 27001 was released at the end of October 2022 and is now known as ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection.

Prior to this, ISO 27001 was last updated in 2013. If you’re currently working to this version, you now have until 31st October 2025 to update your existing system to ISO 27001:2022. Failure to do so will make your existing certification obsolete.

Whilst you have three years to complete this transition, we recommend getting started as soon as possible. This ensures you have plenty of time to work towards compliance with the new version, and therefore to pass your re-certification audit. In addition, Standards are updated when they are considered to be out of date, so moving to ISO 27001:2022 as soon as possible ensures you are following current best practice when it comes to protecting your data and systems from threats.

How Has ISO 27001 Changed?

The biggest change has been to Annex A, which has been aligned with the recently updated ISO 27002. As part of this, ISO 27001 has seen changes in both the number of controls and their groupings. In addition, the title of Annex A has changed from ‘Reference Control Objectives and Controls’ to ‘Information Security Controls Reference’. This means that the reference objectives of the previous control groups have now been removed.

Several other changes can also be found across Clauses 4 to 10; in particular, new content has been added to Clauses 4.2, 6.2, 6.3 and 8.1. Other minor changes include amendments to the terminology and restructuring of sentences and clauses.

How Many ISO 27001 Controls Are There?

The number of ISO 27001 controls has decreased from 114 to 93. This has predominantly come from merging many of them:

  • 57 controls were merged into 24
  • 23 controls have been renamed
  • 1 control has been divided into two
  • 35 controls remain the same

There are also 11 new controls:

  1. Threat intelligence
  2. Information security for the use of cloud services
  3. ICT readiness for business continuity
  4. Physical security monitoring
  5. Configuration management
  6. Information deletion
  7. Data masking
  8. Data leakage prevention
  9. Monitoring activities
  10. Web filtering
  11. Secure coding

The 93 controls have also been restructured into four control groups:

  1. A.5 Organizational Controls (37 controls)
  2. A.6 People Controls (8 controls)
  3. A.7 Physical Controls (14 controls)
  4. A.8 Technological Controls (34 controls)

How Do We Transition to ISO 27001:2022?

To understand the changes and how to gain compliance with ISO 27001:2022, we recommend attending one of our ISO 27001 Upgrade Seminars. You can book your place here.

If you’re already an ISO 27001 certification client of ISO QSL, we will be in touch to start your transition. This process will begin at your annual support visit to ensure you get all the support you need before your re-certification audit.

If, however, you hold ISO 27001 with an accreditation body such as UKAS or INAB, we can support you through this process with our ISO Consultancy Service. Accreditation providers are unable to offer any support with the implementation of an ISO system, so support from consultants such as ourselves is therefore required to ensure you are compliant prior to your audit.

How to get ISO 27001 Certified

If you’re interested in implementing ISO 27001, don’t let these changes delay you from getting started. We have been working through the changes and preparing all the relevant documentation, and are now able to start booking visits for new ISO 27001:2022 clients.

To find out more, call our team on 0330 058 551 or request a free, no obligation quote here: https://www.isoqsltd.com/request-a-quote/

You can also learn more about ISO 27001 here: https://www.isoqsltd.com/iso-certification/iso-27001-information-security-management-certification/

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on recurring issues? Contact us today on 0330 058 5551 or email info@isoqsltd.com.

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.
