Photo from Unsplash
Originally Posted On: https://tesserent.com/insights/blog/upgrade-of-industry-recognised-iso-27001-information-security-standard
ISO/IEC 27001 2022 Information Security, Cybersecurity and Privacy Protection – Information Security Management Systems – Requirements is the updated version from the 2013 standard.
Join our Experts on Wednesday, 7th December at 10:30am AEDT to uncover what it means to you and your business.
What does it mean?
The standard has been updated to reflect the evolution of the universal cybersecurity landscape, and evolving business practices such as remote working, bring your own device, and reliance on cloud services.
The changes made in ISO/IEC 27001 are:
- Controls categorise into 4 key areas (instead of 14 in the previous version)
- Organisational
- People
- Physical
- Technological
- Number of controls have decreased from 114 to 93
- 11 new controls have been introduced
- 24 controls have been merged
- 58 controls were updated
The new version also introduced 5 new attributes for each control. These are aligned to common industry practices used for information security and cybersecurity, risk management, and business resilience. The attributes should provide clearer guidance for your organisation to select the most appropriate controls based on the context of your organisation, as well as risk profile.
Given clients now use several industry standards and frameworks, mapping of controls for mitigating risks should be simpler given the introduction of these attributes.
How to prepare for the transition?
Whilst there will be a transition period for clients, the adoption of the new standard sooner will improve your information security maturity level. The new version considers recent changes to business practices thereby supporting your digital strategy, reduces the risks of information breaches, builds trust in your brand, and builds resilience in your organisation’s information systems.
How we help you?
We can assist you with the transition process, through the knowledge and experience of our industry leading practitioners. Our understanding of organisational processes, business functions, and business systems will help identify opportunities for improvement and leverage what you are doing well to strengthen your information security posture. We can support you in embedding the new Standard across your organisation with training and practical advisory services to ensure that the full benefits of this important change are communicated and realised within your Information Security Management System.
Take advantage of this opportunity and leverage our expertise and improve the effectiveness of your Information Security Management System.
