Preparing for ISO 27001:2022. What You Need to Do.

With a new ISO 27001 standard moving to draft status, we know an updated version is imminent for publication, which means if you already operate an information security management system, a number of documents will need updating, and some new policies may be needed.

The Resilify.io team have been preparing new documentation templates and policies since the release of ISO 27002:2022 back in February 2022, in anticipation for an update to the main certified standard.

What has Changed?

Here are the mean changes:

New title for ISO 27002: “Information security, cybersecurity and privacy protection — Information security controls”.
Control set has been revised down from 114 to 93 controls.
Just 4 Control categories, consisting of organisational, people, physical and technological.
24 Merged Controls.
11 New Controls.

What needs to be updated?

Any references to Annex A control numbers will need to be updated for consistency across your ISMS. The main documents that need updating are:

Statement of Applicability,
Risk Assessment & Treatment Plans.

In addition, the following new controls may need documentation, such as a policy:

Threat Intelligence
Information Security for Use of Cloud Services
ICT Readiness for Business Continuity
Physical Security Monitoring
Configuration management
Information Deletion
Data Masking
Data Leakage Prevention
Monitoring Activities
Web Filtering
Secure Coding

How to make the Transition to ISO 27001:2022?

As with any new standard, we expect the certification bodies to allow a three-year transition window, which means you have time to update your information security management system.

Map 2013 Controls to 2022 Controls.
Implement the 11 new controls.
Update References throughout the system.
Conduct an impartial internal audit.
Hold a Management Review.

While this can be done in house, we recommend contacting our ISO Consultants, Assent Risk Management for help and support, particularly with the impartial internal audits.

Contact Assent

When will Resilify.io Publish Resources for ISO 27001:2022?

While we have draft documentation ready to go, we will not be publishing this on resilify.io until ISO 27001:2022 has been published, just in case, there are any unplanned changes that come out in the final version.

When we do release new resources we will keep you informed.
Make sure you are subscribed to the Resilify.io Mailing List!

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

What has Changed?

What needs to be updated?

How to make the Transition to ISO 27001:2022?

When will Resilify.io Publish Resources for ISO 27001:2022?

Leave a ReplyCancel Reply