
Changes to ISO 27001 that you need to know


Barry Fairman

The cybersecurity standard ISO 27001 has been updated, and we’re here to explain the changes to you and what your business needs to know.

First published in 2005, ISO 27001 has now received its 2022 edition. Its official name – ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection – Information security management systems – Requirements – is a mouthful, but the standard is an integral part of shoring up your business’s defences when it comes to protecting sensitive data.

Last year, there was a 26 per cent increase in the amount of – which means this ISO standard is increasingly relevant to today’s digitally advanced world in which we digitise almost everything.

Aside from the new designation, ISO/IEC 27001:2022, which reflects the year of the new edition, what else has changed?

  • New and improved controls: the 114 Annex A controls of the 2013 edition have been consolidated into 93, grouped under four themes (organisational, people, physical and technological) instead of the previous 14 domains. The reduction comes from merging duplicated or overlapping controls, and 11 new controls have been added.
  • Removal or replacement of terms: ‘code of practice’ no longer appears in the title of the companion guidance standard ISO/IEC 27002, and the ‘control objectives’ that headed each section of Annex A in the 2013 edition have been removed.
  • Focus on cyber risks: the 11 new controls address current threats directly, covering threat intelligence, information security for use of cloud services, ICT readiness for business continuity, physical security monitoring, configuration management, information deletion, data masking, data leakage prevention, monitoring activities, web filtering and secure coding. Organisations will need to show how their networks, systems and sensitive information are protected against these risks.
  • Update to clause 6.1.2 d: the wording of this risk-assessment clause has been clarified to remove ambiguity. The management-system clauses have also been brought into line with the current ISO harmonised structure, including a new clause 6.3 on planning of changes.

But what does this all mean for my business?

If you’re on top of things and already ISO 27001:2013 certified, you will need to transition your certificate to the 2022 edition. But there’s good news – the changes are incremental, and there is a three-year transition period running to 31 October 2025, after which certificates issued against the 2013 edition are no longer valid. Most organisations should be able to make the changes as part of their normal surveillance or recertification audits.

The benefits of ISO 27001 Certification continue to increase – here’s why it’s worth re-investing in fresh certification

Achieving the latest ISO 27001 certification brings many benefits to your business, including:

  • Showing that your organisation takes information security seriously and implements best-practice processes and procedures to protect sensitive data.
  • Reducing the risk of a potential breach.
  • Protecting and enhancing your business’s reputation.
  • Complying with complex data protection laws.
  • Identifying and addressing security concerns and risks with more efficient and cost-effective processes.
  • Standing out from the crowd with an increased competitive edge by having the highest standards of information security in place.

QMS Certification Services is the ideal provider to work with to achieve ISO 27001 Certification because of our experience, our high standards and a brand you can benefit from

Our experienced team will guide you through the certification process by simplifying the application and auditing process. From providing audit outcomes that add value to your organisation to implementing best-practice processes, our auditors aim to help your business achieve its ISO certification goals.

Ready to get ISO 27001 certified? Contact QMS Certification Services today to discuss your needs with our trusted and experienced team.

Considering certification? To find out if your business is ready for certification today, download our self-assessment checklist here: