ISO 27001 2022 vs. 2013 – What’s New, What’s Changed
It's time to transition from the ISO 27001:2013 information security management system standard to ISO 27001:2022.
ISO 27001 is an information security management system (ISMS) standard. It helps organizations set up a process for managing information security, and it is used internationally as the benchmark for information security management systems. The new version, ISO/IEC 27001:2022, was published on October 25, 2022.
The updates are not a complete overhaul of the standard: the management system clauses have been adjusted, and Annex A has been restructured to match ISO/IEC 27002:2022. The new standard is officially released, and the move to it happens in a phased manner through a defined transition period.
This blog discusses the changes made in ISO 27001:2022, one of the most widely used information security standards in the world, and what they mean for organizations that are already certified or planning certification.
- What are the updates in 2022 to ISO 27001 and ISO 27002?
- How will ISO IEC 27002 2022 impact businesses?
- ISO 27001 2013 vs. 2022 revision – What has changed?
Difference between ISO 27001 2013 and ISO 27001 2022
What are the new changes in ISO 27001 2022?
ISO 27001:2022 update isn't a big departure from ISO 27001:2013, but there are a few changes to security controls, themes, attributes, and the time it'll take to transition over.
- Controls (fewer controls, with several merged and eleven added)
- Themes (controls regrouped into four themes instead of fourteen domains)
- Transition period (a fixed deadline for moving existing certifications to the 2022 version)
5 Main changes in the ISO 27001 2022 revision
- Clauses 4 to 10 (the mandatory management system requirements) are kept, with wording updates and one new clause, 6.3 Planning of changes.
- 93 controls instead of 114: no controls were removed outright, but many were merged.
- Controls are grouped into 4 themes (A.5 Organizational, A.6 People, A.7 Physical, A.8 Technological) instead of the previous 14 domains.
- 11 new controls have been added.
- Annex A has been renumbered and aligned with ISO/IEC 27002:2022, which also introduces attributes (such as control type, security property and cybersecurity concept) for filtering and grouping controls.
Changes to ISO/IEC 27001:2022 in a Nutshell
ISO 27001 2022 Transition period
As laid out in the "Transition requirements for ISO/IEC 27001:2022" document from the International Accreditation Forum (IAF), companies that are already certified to ISO 27001:2013 have until October 31, 2025 to complete their transition to ISO 27001:2022. The transition audit can be carried out as part of a scheduled surveillance or recertification audit, or as a separate audit. Certificates issued against the 2013 version expire or are withdrawn at the end of the transition period, so organizations should plan the update of their Statement of Applicability and risk treatment plan well before the deadline rather than waiting for the last surveillance cycle.
What clauses have been changed in the ISO 27001 2022 update?
- Clause 4.2 (Understanding the needs and expectations of interested parties): a new item requires the organization to determine which of the interested parties' requirements will be addressed through the ISMS.
- Clause 4.4 (Information security management system): now explicitly includes the processes needed and their interactions.
- Clause 5.3 (Organizational roles, responsibilities and authorities): roles relevant to information security must be communicated within the organization.
- Clause 6.2 (Information security objectives and planning to achieve them): objectives must be monitored and be available as documented information.
- Clause 6.3 (Planning of changes): a new clause requiring changes to the ISMS to be carried out in a planned manner.
- Clause 7.4 (Communication): simplified; the organization determines what, when, with whom and how to communicate.
- Clause 8.1 (Operational planning and control): requires criteria for the ISMS processes and control of those processes according to the criteria; externally provided processes, products or services relevant to the ISMS must be controlled.
- Clause 9.3 (Management review): split into 9.3.1, 9.3.2 and 9.3.3, with a new input item 9.3.2 c) covering changes in the needs and expectations of interested parties relevant to the ISMS.
- Clause 10 (Improvement): the subclauses are reordered so that 10.1 Continual improvement now comes before 10.2 Nonconformity and corrective action.
What controls have been introduced in the ISO 27001 2022 revision?
The ISO 27001 2022 revision has 11 new controls, listed below with their Annex A numbers:
- A.5.7 Threat intelligence
- A.5.23 Information security for use of cloud services
- A.5.30 ICT readiness for business continuity
- A.7.4 Physical security monitoring
- A.8.9 Configuration management
- A.8.10 Information deletion
- A.8.11 Data masking
- A.8.12 Data leakage prevention
- A.8.16 Monitoring activities
- A.8.23 Web filtering
- A.8.28 Secure coding