ISO/IEC 27001:2022 has been published:
A new era for information security best practice
A new version of ISO/IEC 27001 has been published to address global cybersecurity challenges and improve digital trust.
The new version of the ISO 27001 standard, published today, gives organisations of all sizes, sectors, and locations an updated framework to tackle the ever-evolving legislative and regulatory cybersecurity landscape. It helps organisations to manage controls more effectively by grouping them into four clear themes – organisational, people, technological and physical. This change aims to achieve greater clarity, focus, and accountability for information security within an organisation.
The world’s best-known information security management system standard also features the recently updated information security controls outlined by ISO 27002:2022. There are now 93 controls instead of 114; 11 are new additions, whilst others have been merged or removed.
Organisations with existing ISO 27001:2013 certification will have three years to transition to the new standard.
Commenting on the new version of the standard, Ben Turner, Global Head of Advisory Services at LRQA Nettitude, said:
“The updated ISO 27001 standard upholds risk management best practices in the face of the ever-evolving legislative and regulatory cybersecurity landscape. The controls now also have five types of ‘attributes’ to make them easier to categorise, making the standard more efficient and accessible to organisations.”
He added: “Organisations will need to revisit their risk assessments and conduct a gap analysis to determine whether new risk treatments need to be implemented.”
LRQA Nettitude can support clients in making a successful transition, as well as engaging with new clients seeking ISO 27001 certification. Find more information about our ISO 27001 services here, or get in touch.