ISO 27001:2022 Update: What’s Changed?

9 Dec, 2022

ISO 27001:2022 arrived in October but what’s changed and what do you need to do now to ensure you are compliant?

What is the current version of ISO 27001?

The newest version of ISO 27001 was released at the end of October 2022 and is now known as ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection.

Prior to this, ISO 27001 was last updated in 2013. If you are currently working to that version, you have until 31st October 2025 to update your existing system to ISO 27001:2022. Failure to do so will make your existing certification obsolete.

Whilst you have three years to complete this transition, we recommend getting started as soon as possible. This gives you plenty of time to work towards compliance with the new version and so helps ensure you pass your re-certification audit. In addition, standards are updated when they are considered to be out of date, so moving to ISO 27001:2022 as soon as possible ensures you are following current best practice when it comes to protecting your data and systems from threats.

How Has ISO 27001 Changed?

The biggest change has been to Annex A, which has been aligned with the recently updated ISO 27002 (Information Technology). As part of this, ISO 27001 has seen changes in both the number of controls and how they are grouped. The title of Annex A has also changed from ‘Reference Control Objectives and Controls’ to ‘Information Security Controls Reference’, which means the reference objectives of the previous control groups have now been removed.

Several other changes can also be found across Clauses 4 to 10, with new content added in Clauses 4.2, 6.2, 6.3 and 8.1 in particular. Other minor changes include amendments to the terminology and restructuring of sentences and clauses.

How many ISO 27001 Controls Are there?

The number of ISO 27001 controls has decreased from 114 to 93. This has predominantly come from merging many of them:

  • 57 controls were merged into 24
  • 23 controls have been renamed
  • 1 control has been divided into two
  • 35 controls remain the same

There are also 11 new controls:

  1. Threat intelligence
  2. Information security for the use of cloud services
  3. ICT readiness for business continuity
  4. Physical security monitoring
  5. Configuration management
  6. Information deletion
  7. Data masking
  8. Data leakage prevention
  9. Monitoring activities
  10. Web filtering
  11. Secure coding

The 93 controls have also been restructured into four control groups:

  1. A.5 Organizational Controls (37 controls)
  2. A.6 People Controls (8 controls)
  3. A.7 Physical Controls (14 controls)
  4. A.8 Technological Controls (34 controls)

How do we transition to ISO 27001:2022?

To understand the changes and how to gain compliance with ISO 27001:2022, we recommend attending one of our ISO 27001 Upgrade Seminars. You can book your place here.

If you’re already an ISO 27001 certification client of ISO QSL, we will be in touch to start your transition. This process will begin at your annual support visit to ensure you get all the support you need before your re-certification audit.

If, however, you hold ISO 27001 certification through an accreditation body such as UKAS or INAB, we can support you through this process with our ISO Consultancy Service. Accreditation bodies are unable to offer any support with the implementation of an ISO system, so support from consultants such as ourselves is required to ensure you are compliant prior to your audit.

How to get ISO 27001 Certified

If you’re interested in implementing ISO 27001, don’t let these changes delay you from getting started. We have been working through the changes and preparing all the relevant documentation, and are now able to start booking visits for new ISO 27001:2022 clients.

To find out more, call our team on 0330 058 551 or request a free, no obligation quote here: https://www.isoqsltd.com/request-a-quote/

You can also learn more about ISO 27001 here: https://www.isoqsltd.com/iso-certification/iso-27001-information-security-management-certification/

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on recurring issues? Contact us today on 0330 058 5551 or email info@isoqsltd.com.

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.
