ISO 27001:2022 Update: What’s Changed?

9 Dec, 2022

ISO 27001:2022 arrived in October but what’s changed and what do you need to do now to ensure you are compliant?

What is the current version of ISO 27001?

The newest version of ISO 27001 was released at the end of October 2022 and is now known as ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection. 

Prior to this, ISO 27001 was last updated in 2013.  If you’re currently working to this version, you now have until 31st October 2025 to update your existing system to ISO 27001:2022.  Failure to do so will make your existing certification obsolete. 

Whilst you have three years to complete this transition, we recommend getting started as soon as possible.  This ensures you have plenty of time to work towards compliance with the new version, therefore ensuring you pass your re-certification audit.  In addition, Standards are updated when they are considered to be out of date so moving to ISO 27001:2022 as soon as possible ensures you are carrying out best practice when it comes to protecting your data and systems from threat. 

How Has ISO 27001 Changed?

The biggest change has been to Annex A, which has been aligned with the recently updated ISO 27002 Information Technology standard.  As part of this, ISO 27001 has seen changes in both the number of controls and their groupings.  In addition, the title of Annex A has changed from ‘Reference Control Objectives and Controls’ to ‘Information Security Controls Reference’, which means that the reference objectives of the previous control groups have now been removed.

Several other changes can also be found across Clauses 4 to 10; in particular, Clauses 4.2, 6.2, 6.3 and 8.1 have had new content added.  Other minor changes include amendments to the terminology and restructuring of sentences and clauses.

How many ISO 27001 Controls Are there?

The number of ISO 27001 controls has decreased from 114 to 93.  This has predominantly come from merging many of them:

  • 57 controls were merged into 24
  • 23 controls have been renamed
  • 1 control has been divided into two
  • 35 controls remain the same

There are also 11 new controls:

  1. Threat intelligence
  2. Information security for the use of cloud services
  3. ICT readiness for business continuity
  4. Physical security monitoring
  5. Configuration management
  6. Information deletion
  7. Data masking
  8. Data leakage prevention
  9. Monitoring activities
  10. Web filtering
  11. Secure coding

The 93 controls have also been restructured into four control groups:

  1. A.5 Organizational Controls (37 controls)
  2. A.6 People Controls (8 controls)
  3. A.7 Physical Controls (14 controls)
  4. A.8 Technological Controls (34 controls)

How do we transition to ISO 27001:2022?  

To understand the changes and how to gain compliance with ISO 27001:2022, we recommend attending one of our ISO 27001 Upgrade Seminars. You can book your place here.

If you’re already an ISO 27001 certification client of ISO QSL, we will be in touch to start your transition.  This process will begin at your annual support visit to ensure you get all the support you need before your re-certification audit.   

If, however, you hold ISO 27001 with an accreditation body such as UKAS or INAB, we can support you through this process with our ISO Consultancy Service.  Accreditation providers are unable to offer any support with the implementation of an ISO system, so support from consultants such as ourselves is therefore required to ensure you are compliant prior to your audit.

How to get ISO 27001 Certified

If you’re interested in implementing ISO 27001, don’t let these changes delay you from getting started.  We have been working through the changes and preparing all the relevant documentation and are now able to start booking visits for new ISO 27001:2022 clients.

To find out more, call our team on 0330 058 551 or request a free, no obligation quote here: https://www.isoqsltd.com/request-a-quote/

You can also learn more about ISO 27001 here: https://www.isoqsltd.com/iso-certification/iso-27001-information-security-management-certification/

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition, win more tenders, or save time and money on recurring issues? Contact us today on 0330 058 5551 or email info@isoqsltd.com.

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.
