In the digital age we live in, ensuring the security of information is critical. ISO 27001 and ISO 27002 are international standards that help organizations implement effective information security management systems. In this blog we tell you more about the latest changes, which come after nine years. The courses ISO/IEC 27001 Auditor and ISO/IEC 27001 Foundation are also based on the latest 2022 standard.
ISO 27002: The supporting guideline
It is important not to confuse ISO 27001 with ISO 27002. ISO 27002 is a supporting guideline that provides detailed security controls and recommendations for implementing information security. In October 2022 the revised ISO 27001:2022 was published, with a new structure of 93 security controls.
Important changes in ISO 27001:2022
The ISO 27001:2022 revision generally shows minor to moderate changes compared to the previous 2013 revision.
- Changes in clauses: Clauses 4 to 10 have been clarified and adapted with regard to process planning and the communication of roles. The text of the mandatory clauses has been slightly modified to better align with ISO 9001, ISO 14001 and other ISO management standards.
- Changes in Annex A: Annex A, which describes the security controls, has been streamlined and reduced from 114 to 93 controls. The controls are now divided into 4 sections instead of the previous 14. Most controls have remained the same: 23 controls have been renamed, 57 controls have been merged, 1 control has been split into 2 controls, and a total of 11 new controls have been introduced.
Essential role of ISO 27001 and ISO 27002
ISO/IEC 27001 and ISO/IEC 27002 play an essential role in ensuring the information security of organizations. With the recent revisions to ISO 27001:2022, the standard has further evolved to better align with other ISO management standards and provide greater clarity and ease of use. It is important for organizations to understand and implement these standards to ensure a robust information security management system and reduce the risks of data breaches.
At D-ICT Solutions we already offer training for the ISO 27001:2022 version. Do you want to know more? Have a look at the Quality & Safety overview page for our wide range of courses and training!
The author of this article is a training consultant at D-ICT Solutions. Together with its certified trainers, interim managers, coaches and other personnel, D-ICT Solutions (Secondment, Interim Management, Consultancy and Training) is a worldwide leader in certified training in various process, project, service and quality management techniques such as ITIL, ISO, PRINCE2, Agile, Lean Six Sigma, BiSL and many others.