9 Dec, 2022
ISO 27001:2022 arrived in October, but what has changed and what do you need to do now to ensure you are compliant?
The newest version of ISO 27001 was released at the end of October 2022 and is now known as ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection.
Prior to this, ISO 27001 was last updated in 2013. If you’re currently working to this version, you now have until 31st October 2025 to update your existing system to ISO 27001:2022. Failure to do so will make your existing certification obsolete.
Whilst you have three years to complete this transition, we recommend getting started as soon as possible. This ensures you have plenty of time to work towards compliance with the new version, and therefore to pass your re-certification audit. In addition, Standards are updated when they are considered to be out of date, so moving to ISO 27001:2022 as soon as possible ensures you are carrying out best practice when it comes to protecting your data and systems from threats.
The biggest change has been to Annex A, which has been aligned with the recently updated ISO 27002 Information Technology. As part of this, ISO 27001 has seen changes in both the number of controls and their groups. In addition, the title of Annex A has changed from ‘Reference Control Objectives and Controls’ to ‘Information Security Controls Reference’. This means that the reference objectives of the previous control groups have now been removed.
Several other changes can also be found across Clauses 4 to 10, particularly in Clauses 4.2, 6.2, 6.3 and 8.1, where new content has been added. Other minor changes include amendments to the terminology and restructuring of sentences and clauses.
The number of ISO 27001 controls has decreased from 114 to 93. This has predominantly come from merging many of them:
There are also 11 new controls:
The 93 controls have also been restructured into four control groups:
To understand the changes and how to gain compliance with ISO 27001:2022, we recommend attending one of our ISO 27001 Upgrade Seminars. You can book your place here.
If you’re already an ISO 27001 certification client of ISO QSL, we will be in touch to start your transition. This process will begin at your annual support visit to ensure you get all the support you need before your re-certification audit.
If, however, you hold ISO 27001 certification with an accreditation body such as UKAS or INAB, we can support you through this process with our ISO Consultancy Service. Accreditation providers are unable to offer any support with the implementation of an ISO system, so support from consultants such as ourselves is required to ensure you are compliant prior to your audit.
If you’re interested in implementing ISO 27001, don’t let these changes delay you from getting started. We have been working through the changes and preparing all the relevant documentation and are now able to start booking visits for new ISO 27001:2022 clients.
To find out more, call our team on 0330 058 551 or request a free, no obligation quote here: https://www.isoqsltd.com/request-a-quote/.
You can also learn more about ISO 27001 here: https://www.isoqsltd.com/iso-certification/iso-27001-information-security-management-certification/
ISO Quality Services Ltd are proud to specialise in the implementation and certification of the internationally recognised ISO and BS EN Management Standards.