Businesses are now relying on technology more than ever. That increased usage of technology presents an increased risk of cyber-security threats – from malware to phishing. To tackle this increased risk posed by the ongoing technological revolution businesses today are experiencing, experts have anticipated a new version of ISO 27001 to be released this year.
However, against expectation, we understand that the International Organization for Standardization (ISO) is not going to release an all-new ISO 27001:2022. Instead, it is predicted that we are going to see an amendment to the existing ISO 27001:2013, which will be known as ISO/IEC 27001:2013+A1:2022.
Annex A will also be replaced with a normative version of the 93 new controls from ISO 27002:2022.
One of the key updates to the management system can be found in clause 6.1.3c, where it tones down the term ‘comprehensive list of controls’ to the more appropriate ‘possible controls’, which could allow an organisation to continue using the controls from the 2013 version if it considers them more appropriate.
According to the ISO, voting has only just begun and will continue until April 26th. Therefore, we anticipate that the amendment will be released no sooner than May 2022, after which it will be possible to certify against it (and recertify for those already certified).
There are no definitive dates for the release of this amendment, and the structure is not fully confirmed so the amendment will be subject to change, which we will update you on once we know more.
If you’d like to find out more about what this means for your existing ISO 27001 and register your interest in upgrading your system once the relevant content is available, you can get in touch with us by emailing [email protected].