
2022 Update - ISO 27001 Information Security Management Standard - BSI

The document discusses updates to the ISO/IEC 27001 standard for information security management. The standard was revised to address new digital business practices and risks. Key changes include restructuring controls into four main areas and decreasing the total number of controls from 114 to 93.

Uploaded by

Tee Bee Lay

The new ISO/IEC 27001:2022 standard

The global digital landscape is changing. New business practices such as remote working, “bring your own device” and Industry 4.0 have become widespread, and core business practices are increasingly cloud-based and digitally reliant.

In response, the ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Controls for Information Security standards have been updated to reflect this evolution.

These updates provide more robust controls, enabling your organization to address increasingly sophisticated security
risks, ensure business continuity, and gain a competitive advantage. Understanding these changes and their impact
on your organization as soon as possible will ensure your information remains protected, and that you continue to
maximize your competitive edge.

On-demand webinar

Secure your information in the new digital age with ISO/IEC 27001:2022

To find out more about the new revision to this standard watch our on-demand webinar

Changes to the ISO/IEC 27001 standard

There are editorial changes, including:

- “International standard” replaced with “document” throughout
- Re-arranging of some English phrases to allow for easier translation

There are also changes to align with the ISO harmonized approach:

- Numbering re-structure
- Requirement to define processes needed for implementing the ISMS and their interactions
- Explicit requirement to communicate organizational roles relevant to information security within the organization
- New clause 6.3 – Planning of Changes
- New requirement to ensure the organization determines how to communicate as part of clause 7.4
- New requirements to establish criteria for operational processes and implementing control of the processes

Key changes in this revision come in Annex A, reflecting the changes made in ISO/IEC 27002:2022. These changes
are:

- The structure has been consolidated into four key areas: Organizational, People, Physical and Technological, instead of 14 in the previous edition
- Controls listed have decreased from 114 to 93
- Some controls have been merged, some have been removed, new ones have been introduced, and others updated
- The concept of attributes has been introduced. Aligned with common terminology used within digital security, these five attributes are: Control type, Information security properties, Cybersecurity concepts, Operational capabilities, and Security domains

ISO/IEC 27001:2022 Roadshow - Transition

Learn about the updates to the ISO/IEC 27001:2022 standard with David Mudd, Assurance
Global Head of Digital Trust and Christian Perry, Client Manager.

Strengthen your information security posture

By completing the transition and adopting the ISO/IEC 27001:2022 standard, you strengthen your organization’s
information security posture, support your digitization strategy, reduce the risks of information breaches, build trust in
your brand, and build your organization's information resilience.

Making a smooth ISO/IEC 27001 transition

BSI is ready to support you now, from helping you understand the changes, to checking the impact on your
organization, implementing, and finally transitioning your certification.

During your transition audit, your BSI auditor's experience and knowledge of your processes, activities, and
organization will help you identify any gaps and opportunities for improvement. In addition, we’ll help you leverage
what you are doing well to strengthen your information security processes.

Case Study: BSI’s first UK client to transition

E-Accounting Solutions Ltd. t/a AdvanceTrack Outsourcing became the first organization
certified by BSI in the UK, and one of the first ten globally certified by BSI, to successfully
complete a transition assessment against the new version of ISO/IEC 27001 Information
Security Management Systems. AdvanceTrack Outsourcing provides financial, accounting,
bookkeeping and taxation services.

Buy today

Browse our information security management standards to help your organization manage and protect your information assets.

Get a quote

Request a quote to transition your existing certification to the 2022 revision, or to audit your organization’s readiness
for the new standard.

Training

Increase your knowledge with the BSI Academy.


Switching providers

If you’re looking to change your Certification Body for ISO/IEC 27001, then we can help you with a smooth transition.

Additional resources

- View our ISO/IEC 27001:2022 Transition journey guide (/globalassets/localfiles/en-gb/iso-27001/pdf/v0.8_bsi_iso-27001-inforgraphic.pdf)
- Learn more about ISO/IEC 27002 (/en-gb/iso-27002-information-security-controls/)
- Watch the ISO/IEC 27002 update on demand webinar (https://www.youtube.com/watch?v=1ZAnNSc5WHo)
- ISO/IEC 27001:2022 What’s changed? (/globalassets/localfiles/en-gb/iso-27001/iso-iec-27001-2022-whats-changed.pdf)
- FAQ ISO/IEC 27001: 2022 (/globalassets/localfiles/en-gb/iso-27001/faq-iso-iec-27001-2022.pdf)


© The British Standards Institution 2023

Impartiality is the governing principle of how BSI provides its services. Impartiality means acting fairly and equitably in its dealings with people and in all
business operations. It means decisions are made free from any engagements of influences which could affect the objectivity of decision making.

As an accredited certification body, BSI Assurance cannot offer certification to clients where they have also received consultancy from another part of
the BSI Group for the same management system. Likewise, we do not offer consultancy to clients when they also seek certification to the same
management system.

The British Standards Institution (BSI, a company incorporated by Royal Charter), performs the National Standards Body (NSB) activity in the UK. BSI,
together with its Group Companies, also offers a broad portfolio of business solutions other than NSB activity that help businesses worldwide to improve
results through Standards-based best practice (such as certification, self-assessment tool, software, product testing, information products and training).
