
24 September 2022
ISO27001 2022: Everything you need to know
hightable.io/iso-27001-2022-everything-you-need-to-know
ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
In this article we lay bare the changes to the ISO 27001 standard that happened in 2022. We show you exactly what changed in the ISO27001:2022 update. I am Stuart Barker, the ISO27001 Ninja, and this is everything you need to know about the ISO27001 2022 update.
What is ISO/IEC 27001:2022?

ISO27001 is the international standard for information security. It specifies the requirements for an Information Security Management System (ISMS), and an organisation will seek ISO27001 certification against it. ISO/IEC 27001:2022 is the much anticipated 2022 update to the standard.
What has changed in the new version of ISO/IEC 27001:2022?
Very little has changed in ISO/IEC 27001:2022: minor wording changes, 1 new clause, 5 new sub-clauses, and the numbering of 2 clauses has been swapped.
What do I need to know about the new version of ISO27001?
You need to know that you do not need to panic. This is not a revolution. It is barely an
evolution. The main focus seems to be to align the numbering and address the fact the
date of the last major revision was 2013.
What should I do for the new version of ISO27001?
The first thing you should do for the new version of ISO27001 is not panic. Very little has changed. Now that the new version is in final release, get yourself a copy.
The new ISO/IEC 27001:2022 with changes listed
Here we list the summary changes to the ISO27001 standard.

ISO/IEC 27001:2022 Clause 4 Context of the Organization

Clause 4.1 Understanding the organization and its context
No Change

Clause 4.2 Understanding the needs and expectations of interested parties
There is no real change to ISO 27001 clause 4.2 for the 2022 update. It has clarified that you will now determine which of the identified requirements will be addressed through the information security management system, rather than implying it.

Clause 4.3 Determining the scope of the information security management system
Not a massive change to ISO 27001 Clause 4.3 in the 2022 update, as the only thing it does is remove the word ‘and’ from 4.3 b. Great, isn’t it?

Clause 4.4 Information security management system
They now refer throughout the standard to this ‘document’ rather than this ‘international standard’, so replace the words ‘international standard’ with the word ‘document’.
They have added to the sentence the phrase ‘including the processes needed and their interactions’ to be absolutely crystal clear that processes are included, rather than implying it.
In essence, nothing has changed. It is a clarification of wording.
ISO/IEC 27001:2022 Clause 5 Leadership

Clause 5.1 Leadership and commitment
No Change

Clause 5.2 Policy
No Change

Clause 5.3 Organisational roles, responsibilities and authorities
The changes to ISO 27001 clause 5.3 for the 2022 update are minor at best: changing the words ‘International Standard’ to the word ‘document’, and adding clarification that communication is within the organisation, as was always implied but never said outright. Nothing material.

ISO/IEC 27001:2022 Clause 6 Planning

Clause 6.1 Actions to address risks and opportunities
No Change

Clause 6.1.1 General
Brace yourself. The massive update was to remove the word ‘and’ from 6.1.1 b.

Clause 6.1.2 Information security risk assessment
No Change

Clause 6.1.3 Information security risk treatment
The changes to ISO 27001 Clause 6.1.3 are minor but important:
- Changing the wording of 6.1.3 c to now reference Annex A as containing a list of possible information security controls. This is a change from it containing a comprehensive list of control objectives.
- Removing the wording that control objectives are implicitly included in the controls chosen.
- Changing the wording that the control objectives listed in Annex A are not exhaustive and additional controls may be needed, so that it refers instead to the information security controls listed in Annex A.
- Changing the words ‘control objectives’ to ‘controls’.
- Changing the sentence of 6.1.3 d into a list for ease of reading.
- Changing the words ‘International Standard’ to the word ‘document’.
Overall these are clarification changes and not material.

Clause 6.2 Information security objectives and planning to achieve them
ISO 27001 clause 6.2 had minor changes in the 2022 update, with the changes focussed on clarity. It introduced that information security objectives should be monitored and be available as documented information. This was always implied but is now made explicit. As a result the numbering of the sub-parts shifted, but this is not material.

Clause 6.3 Planning of changes
NEW: when you make changes to the ISMS, do it in a planned manner. Which you were anyway.

ISO/IEC 27001:2022 Clause 7 Support

Clause 7.1 Resources
No Change

Clause 7.2 Competence
No Change