
What is new in ISO/IEC 27001: 2022 Standard?

The latest, enhanced version of ISO/IEC 27001 was released recently to meet the increasing challenges in cybersecurity and to boost digital reliability. This globally recognized standard on information security management helps organizations safeguard their digital infrastructure, which is crucial in the modern digital world.

ISO/IEC 27001: 2022 Standard

If you are responsible for managing information security, the latest ISO/IEC 27001:2022 release requires you to implement its changes so that you stay continuously compliant and can manage your information security posture in line with best business practices and the threats that come with digitization. Even if you have already taken ISO 27001:2022 certification training, you will surely need assistance with the latest version.

What is new in The ISO 27001: 2022 Standard? 

Many of the changes in the new version are editorial, such as replacing “global standard” with “doc” throughout and rearranging phrases so that they translate smoothly into other languages.

Changes have also been made to align the standard with ISO's systematized methodologies.

1. Re-structuring of numbers:

The processes needed to implement the ISMS, and the interactions between them, must now be defined. There is also an explicit requirement to make information security roles clear within the organization.

2. Planning of Changes: New Clause 6.3

There is a new requirement to make sure that the organization determines how it communicates, as part of clause 7.4. Organizations also need to set out how their operational processes are run and how control of those processes is implemented.

The fundamental change, however, is the update to the existing controls in Annex A, which aligns the standard with the recent changes to ISO/IEC 27002, covering cybersecurity, information security and privacy protection.

The updates in ISO/IEC 27001:2022 also place greater emphasis on risk management across organizational operations. The new version is therefore about making information security more straightforward for professionals, so that they can monitor and analyze security controls properly.

3. Understanding the fundamental changes in Annex A Controls in ISO 27001:2022

The number of controls has been reduced from 114 to 93. A few controls have been removed, another 24 have been merged, and 58 have been altered. 11 advanced security controls have been added to meet the changing information security and cybersecurity landscape. They are as follows:

  • A.5.7 Threat intelligence
  • A.5.23 Information security for the use of cloud services
  • A.5.30 ICT readiness for business continuity
  • A.7.4 Physical security monitoring
  • A.8.9 Configuration management
  • A.8.10 Information deletion
  • A.8.11 Data masking
  • A.8.12 Data leakage prevention
  • A.8.16 Monitoring tasks
  • A.8.23 Web filtering
  • A.8.28 Secure coding

With these changes, you can upgrade your management system so that the ISMS works seamlessly and aligns better with the current context of security and business risks.

The controls are now structured around four core areas.

  • Technological 
  • Physical 
  • People
  • Organizational 

This contrasts with the 14 areas that made up the earlier version of the standard.

New attribute concepts have been introduced:

In line with the terminology most commonly used in digital protection, five new attributes have been introduced:

  • Cybersecurity concepts 
  • Operational capabilities 
  • Control type 
  • Information security properties 
  • Security domains

These will enable businesses to understand their present security posture and motivate them to adopt the security practices and procedures that will enhance their business operations.

Strengthen your information security posture by upskilling your cybersecurity professionals:

Businesses that embrace cyberspace transformation and change rapidly emerge as market leaders in their industry and gain an edge in the market. The latest ISO/IEC 27002 makes sure that the entire organization is covered under the cybersecurity umbrella. Upskill or reskill your professionals with Vinsys advanced ISO 27001 training online so that your information security team can better execute its strategy, lower the risk of breaches and build goodwill for your brand, which will ultimately lead to business growth.


Vinsys, an ISO 9001:2015 certified organization, is a globally acclaimed individual and corporate training provider with a legacy of empowering professionals with knowledge for 20+ years. To date, we have enlightened and trained 600,000+ professionals around the world. Today, we have spread our wings across the globe and have footprints in Australia, China, India, Kenya, Malaysia, Oman, Singapore, Tanzania, UAE, and the USA.