
ISO 27001 changes that businesses need to be aware of in 2022

by jcp

By Alan Calder, Founder and Chief Executive Officer, GRC International Group and IT Governance

The International Organization for Standardization (ISO) is releasing a new version of ISO 27001, which is expected to be launched in September.

The first iteration of the Standard was released in 2005 to provide organisations with an international standard for information security. ISO 27001 has a review cycle of five to seven years, but it has been nine years since the last iteration in 2013.

The Standard takes a risk-based approach to information security, requiring organisations to identify information security risks and select appropriate controls to tackle them. The latest changes bring subtle updates to the framework to allow organisations to effectively implement the Standard and identify controls to prevent emerging threats.

What’s new in ISO 27001:2022?

In the grand scheme of things, there is little new in ISO 27001:2022. The majority of changes apply to the control selection, which better reflects modern threats and information environments. This is reflected in ISO 27002:2022 – the companion standard to ISO 27001 – which was released in February.

What we do know of changes to ISO 27001 is that they are subtle and should present little difficulty to organisations with an existing information security management system (ISMS) built to ISO 27001 specifications.

How can businesses comply with the 2022 version?

Once the 2022 version is published, organisations certified to ISO 27001 will have a two-year period to transition to the new version. This means that organisations won’t have to comply with ISO 27001:2022 until 2024.

For organisations that already have good information security processes in place, achieving certification can be fairly straightforward – it is simply a matter of conducting a gap analysis to identify gaps against the new version of the Standard and potentially implementing new controls and measures.

For organisations implementing ISO 27001 for the first time, implementation will require a fundamental shift in approach: a willingness from the board and senior management not only to build the right framework but also to get new processes embedded in the business, and to improve people’s awareness and understanding of good information security behaviour.

How can ISO 27001 benefit businesses?

The world is changing – and the ability to demonstrate a high level of information security is directly related to an organisation’s reputation, trust, and ability to offer secure products and services. This ability is threatened by cyber criminals, increasingly dispersed workforces and growing regulatory burdens.

Avoiding regulatory fines is just one small aspect of business risk; it is accompanied by risks to an organisation’s fundamental need to sell products and services. The ability to attract customers and safeguard information throughout a supply chain will increasingly depend upon robust and – critically – certified security postures. ISO 27001 is a baseline for information security that enables your business to demonstrate its cyber security commitment to customers and business partners alike.
