ISO 27001 is a globally recognised information security standard that helps organisations protect their critical data and comply with data protection laws and regulations. The standard was first published in 2005, and it has been updated a few times over the years. In 2022, the ISO 27001 standard will be revised again, and there will be some significant changes.
This article will discuss the changes that are coming in 2022 and highlight some benefits of ISO 27001 certification.
Changes to ISO 27001
There are a lot of changes coming to ISO 27001 in 2022. Some of the most notable changes include:
- Name change: The standard will be renamed to ISO 27001:2022. This renaming is in line with the latest edition of the ISO 27000 series, which is also being updated in 2022.
- Control changes: Unlike ISO 27002:2013, which has 114 controls, ISO 27002:2022 now has 93 controls. This is because some were deleted due to duplication or merged with other controls for better alignment. There will also be 11 new controls.
- Some terms have been removed or replaced: The terms “Code of Practice” and “control objectives” have been removed.
- Greater emphasis on cyber risks: Cyber risks will now receive greater attention in ISO 27001:2022, and organisations will need to take steps to protect their networks and systems from cyberattacks.
- Clause 6.1.3 d) update: The wording of this clause has been improved to provide clarity and eliminate ambiguity.
Overall, these changes will make the standard more relevant and up to date with the latest security threats and technologies. They will also make it easier for organisations to comply with the standard.
What Does This Mean for Organisations?
If your organisation is certified to ISO 27001:2013, you will need to update your certification to comply with the revised standard in 2022. The good news is that the changes coming in 2022 are minor, and most organisations should be able to make the updates without too much difficulty. Furthermore, certified organisations will have a two-year transition period to update their certification to conform to the new version.
You Were Preparing to Certify to ISO 27001. Should You Wait Until the 2022 Version Is Released?
No! Although the ISO 27001:2022 standard is not yet released, organisations should not wait to certify. Not certifying could leave your organisation at risk and put you at a disadvantage compared to competitors.
The Ten Benefits of ISO 27001 Certification
There are many benefits to achieving ISO 27001 certification, including:
- Improved security posture: ISO 27001 certification shows that your organisation takes information security seriously and implements best practices to protect its data. This can help reduce the risk of a data breach and improve your organisation’s reputation.
- Compliance with data protection laws: By achieving ISO 27001 certification, your organisation will comply with data protection laws and regulations in countries where the standard is accepted. This can help reduce the risk of fines and penalties for non-compliance.
- Improved business efficiency: ISO 27001 certification helps organisations improve their business processes by identifying and addressing information security risks. This can lead to improved productivity and reduced costs.
- Reduced IT expenses: Implementing ISO 27001 can help organisations reduce their IT expenses by improving data security and reducing the number of data breaches.
- Increased competitiveness: ISO 27001 certification can give organisations a competitive edge over their competitors by demonstrating that they have met the highest standards for information security.
Get ISO Certification
Is your organisation looking to become ISO 27001 certified but doesn’t know where to begin? Get in touch with Best Practice and we can help start your ISO journey in 2022.