Value-added business processes are driven by information and data. Without information exchange, nothing works in our digital economy. Our basic services are based on critical infrastructures whose functionality depends heavily on the exchange of information and data. Information security extends far into the reality of our work and lives. Protecting information-driven daily operations, critical data and intellectual property from cyber threats is therefore imperative for businesses of all sizes. In this age of industrialized cyberattacks, adapting to ever-changing information security risks requires a timely and flexible approach to building enterprise resilience.
This is exactly where the new ISO/IEC 27001:2022 ISMS comes in, with its focus on process orientation in information security management. For more than two decades, the ISO 27001 standard has been an established, but aging, basis for information security management systems. Despite its age, the ISO Survey reports that the number of certificates grew by 32% in 2021. Against the backdrop of growing demand for a contemporary information security assessment framework, the new ISO/IEC 27001:2022 ISMS was published on October 25, 2022. What's in store?
The new features of ISO 27001:2022 at a glance
High Level Structure becomes Harmonized Structure
Normative changes in ISO/IEC 27001:2022
The new Annex A of ISO/IEC 27001:2022
What does the update mean for your certification?
The new ISO/IEC 27001:2022 - Conclusion
Overview of the new features of ISO 27001:2022
ISO 27001 describes the framework for an information security management system (ISMS for short), applicable to companies regardless of organizational structure, size or orientation. The linchpin here is risk management. Changing cyber threats constantly exploit new potential vulnerabilities in companies with the aim of attacking and compromising information flows and thus business processes. The risks that this mechanism poses to the three essential protection goals of information security, namely confidentiality, integrity and availability, must be identified and managed.
The update to ISO/IEC 27001:2022 addresses best practices for managing these information security risks. The list of possible information security controls in the normative Annex A of the new ISO/IEC 27001:2022 is derived directly from the revised implementation guidance. That guidance was already adopted in February of this year with a simpler taxonomy and contemporary security controls. With the new ISO/IEC 27001:2022 now published, the successful ISO standard tandem 27001/27002 with its valuable recommended measures is once again state of the art.
ISO/IEC 27001:2022-10 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements
The standard is available in English on the ISO homepage.
Another significant change in the new ISO/IEC 27001:2022 is that, with its adaptation to the so-called Harmonized Structure, the long overdue requirement for process orientation is placed at the center of an effective ISMS. The basis of effective management systems is clear processes and their interactions, together with target-oriented criteria for controlling those processes.
In the following, we will take a closer look at the three change areas of the new version of ISO 27001.
High Level Structure becomes Harmonized Structure
As of May 2021, the previous High Level Structure (HLS) is being succeeded by the Harmonized Structure (HS). The HS is the basic structure and template for the development of new ISO management system standards and for future revisions of existing ones. ISO/IEC 27001:2022 is one of the first management system standards to be adapted to the HS. The various clarifications, additions and deletions in the HS compared to the HLS are of particular interest to users who are already familiar with the standard.