The global information security standard ISO 27001 was finally updated in October 2022. The new version, ISO/IEC 27001:2022, has been published with changes intended to further strengthen information security. The information security management system (ISMS) standard is accepted worldwide by companies as a way to implement best practices for maintaining cyber security and for providing availability as well as integrity of business information. The updated version provides a better framework for protecting the privacy and confidentiality of sensitive data.
ISO 27001 Changes in 2022
After nine years, ISO 27001:2013 was finally revised and republished as ISO 27001:2022, the updated set of requirements for information security management systems.
The significant changes are as follows:
- The number of security controls in Annex A regrouped from 114 to 93
- The number of sections or domains in Annex A changed from 14 to 4
- 3 controls have been deleted
In the previous version, the security controls were divided into 14 chapters. The new version groups them into 4 chapters or domains, organised by the kind of information security capability each control builds.
The four domains are as follows:
- Chapter 5 – Organizational consists of 37 controls
- Chapter 6 – People consists of 8 controls
- Chapter 7 – Physical consists of 14 controls
- Chapter 8 – Technological consists of 34 controls
The new ISO/IEC 27001:2022 also includes significant changes to the controls themselves:
- In the new version, 23 controls have been renamed, 35 controls are unchanged and 57 controls have been merged into 24 controls.
- Technical Compliance Review, i.e. control 18.2.3 of the 2013 version, has been split into 2 separate controls: 8.8 – Management of Technical Vulnerabilities and 5.36 – Conformity of Policies & Standards of Information Security.
The new version also introduces 11 new controls:
- Physical security monitoring
- Threat intelligence
- Monitoring activities
- Data masking
- ICT readiness for business continuity
- Information security for cloud services
- Prevention of data leakage
- Information deletion
- Web filtering
- Configuration management
- Secure coding
The update has no immediate impact on existing ISO 27001 certifications. Certification bodies and accreditation bodies will work together to transition certificates to the current version without causing disruption for certified organizations.
We, a CERT-In empanelled agency, are a preferred cyber security advisor supporting key public and private sector enterprises with state-of-the-art solutions in vulnerability assessment and penetration testing (VAPT), managed security services, web application audit, NOC, SOC, SIEM/SOAR and other security services. We offer implementation and certification support for ISO 27001, ISO 9001, ISO 14001, OHSAS 18000, ISO 31000, CMMI Level 3 & 5, PCI DSS, etc. We also offer Virtual CISO services, providing specialised cyber security expertise to build a stable security program and reduce cyber vulnerabilities and risks. Our Anti-Ransomware Readiness (ARR) Audit combines active and passive non-intrusive techniques into a structured technical process that helps an organization mitigate ransomware threats.
Do check our website www.primeinfoserv.com for more details, write to us at info@primeinfoserv.com, or call us at +913340085677 for cyber security queries.