ISO 27001:2022 is the most recent version of the international standard for information security management systems (ISMS). Published on October 25, 2022, it updates the previous 2013 version to better reflect modern information security practices and emerging threats. The standard provides a framework for organisations to manage the security of their information, including people, processes, and technology.
Key Changes
- Annex A Controls: The number of controls in Annex A has been reduced from 114 to 93. These controls are now grouped into four themes instead of 14 domains:
- Organisational Controls (37 controls)
- People Controls (8 controls)
- Physical Controls (14 controls)
- Technological Controls (34 controls)
- Risk Management: There’s a new emphasis on the context of the organisation and the needs of interested parties.
- Streamlined Language: The new version uses simpler language to make the standard more accessible and easier to implement.
ISO 27001 Context
The ISO 27001:2022 standard is the core of the ISO/IEC 27000 family of standards. Organisations that were certified to the 2013 version have a three-year transition period to update their ISMS to the 2022 requirements.
