GRC Viewpoint

ISO 27001: Here Is What You Should Know

There is now a new version of ISO/IEC 27001, the standard that specifies the requirements for an information security management system (ISMS). ISO 27001:2022 includes significant changes in how enterprises are expected to protect their essential information.

The 2022 revision is the most significant change to ISO 27001 in almost a decade, and it brings the standard into line with current business practices. Here is what enterprises should know about ISO 27001:2022.

There are several new requirements that enterprises have to comply with.

There are new rules on planned changes to the ISMS and how enterprises must manage them.

There is greater emphasis on identifying interested parties, their requirements, and which of those requirements the ISMS will address.

The other changes are in the terminology used, which is now aligned with the common language and structure shared across ISO management system standards.

Annex A of ISO 27001:2022 now references the latest information security controls, which are those in ISO 27002:2022, published earlier in 2022.

Enterprises also have to document and monitor their information security objectives. In other words, their goals need to be specific enough to be measured against.

There are also several changes to the structure of ISO 27002, the complementary standard that describes the controls enterprises can adopt.

ISO 27002 no longer groups controls into 14 categories; instead, controls are organized under four themes: organizational, people, physical, and technological.

The total number of controls is now 93 instead of 114. In addition, several controls are merged and reordered.

Thirty-five controls remain unchanged, and 11 new ones have been added. 

Until an enterprise has transitioned to the 2022 version, the controls in ISO 27002:2022 can be treated as an alternative control set and compared against the controls in the existing Annex A, so that any gaps are identified before the transition.
