ISO 27001:2022
ISO 27001 is the most comprehensive international framework for managing information security within an organization.
The updated version of ISO 27001, released in October 2022, is a response to the evolving global security challenges.
Cybercrime is becoming increasingly sophisticated and severe. According to the World Economic Forum’s Global Cybersecurity Outlook, cyber attacks increased by 125% in 2021, with further growth expected. As a result, organizations must adopt a strategic approach to cyber risks.
The 2022 version of ISO 27001 introduces numerous updates and benefits:
- Increased business opportunities
- Reduction of potential risks from fraud, data loss, and data breaches
- Compliance with laws and European practices
- Protection of information from unauthorized access and potential misuse
- Proof that acquired information is stored, used, and distributed in accordance with data protection laws
In this new version, security controls are now divided into four chapters, compared to the previous 14:
- Chapter 5: Organization (37 controls)
- Chapter 6: People (8 controls)
- Chapter 7: Physical (14 controls)
- Chapter 8: Technology (34 controls)
ISO/IEC 27001:2022 contains changes to the number of controls. There are now 93 controls, with 11 new ones, 23 renamed, 57 reallocated into 24, and 35 unchanged.
The 11 new controls cover: threat intelligence, cloud service security, ICT business continuity readiness, physical security monitoring, configuration management, data deletion, data masking, data leakage prevention, activity monitoring, web filtering, and secure coding.
The transition period to the new 2022 version of ISO 27001 lasts for three years from its release date. The deadline for this transition is October 31, 2025.
Having an active ISO 27001 certificate demonstrates your commitment and compliance with global best practices, showing your customers and stakeholders that your company’s information security is developed to the highest standards.