ISO 27001 is the internationally recognised Standard for information security. The ISO 27001 framework offers your business an effective Information Security Management System (ISMS), with key processes to help protect your organisation from cyber threats and remain compliant with stringent legislation.
With ISO 27001, you’ll be able to implement organisational and technical risk controls to help maintain robust security management. But it’s not just about IT! It helps protect data across all areas of your business, whether online or offline. The Standard is suitable for businesses of all sizes, from startups to larger organisations.
In October 2022, the ISO 27001 Standard was updated with several changes to the structure. ISO 27001:2022 is the latest version of the Standard, which replaced the previous version – ISO 27001:2013.
In the previous version, Annex A was divided into 14 categories, which corresponded with the guidance of ISO 27002. These 14 clauses contained 114 different controls. There are now 93 controls, grouped into four themes: people, organisational, technological and physical.
The changes reflect a modernised approach to managing and dealing with information security risks. For a little more background information about the new controls, check out the section below!
The eight controls contained within the people theme help your business regulate human activity regarding all of your information security. These controls outline how working personnel interact with data and each other. Areas covered in this theme include:
The organisational theme has the most controls of the new ISO 27001 structure, with 37 in total. For your business to function and meet the ISO 27001 Standard effectively, you must be able to demonstrate organisational controls that meet the legal regulations and measures regarding data protection. Controls in this theme include:
The technological controls have been designed so that your organisation can adopt a set of digital regulations that help preserve a compliant IT infrastructure. This means putting secure technology, such as protection from data leaks, encryption and authentication, at the heart of your business.
The new technological controls include:
Physical controls are the measures employed to protect the tangible assets that hold confidential information, including:
Several ISO 27001 controls have been merged, so the structure of the control set has changed slightly as part of ISO 27001:2022. Let’s explore what these changes mean in a little more detail…
ISO 27002:2022 is the supporting standard that offers guidance on how information security controls should be implemented. The changes in the control set published in ISO 27002:2022 are reflected in Annex A of ISO 27001:2022.
Annex A is a brief overview, but to actively apply each control, more detail is required. That’s exactly what ISO 27002 offers: a supplementary standard with a detailed overview of each control, providing a breakdown of how the control works and what is required to implement it.
Stay ahead of cyber criminals and new emerging threats by partnering with us. We now offer ISO 27001:2022 certification, meaning you can put all the necessary controls in place to protect and safeguard information security for your business.
Our ISO 27001 auditors can test your information security management system, offering you advice and guidance to improve ISO 27001 processes within your business.