ISO 27001:2022

Transition to the new standard ISO/IEC 27001:2022

A new version of the standard, ISO/IEC 27001:2022, was published in October 2022 and replaces ISO/IEC 27001:2013. In addition to harmonizing content with other ISO management standards, it makes minor changes directly to the requirements of the standard. What has changed significantly is Annex A, which follows the recommendations of ISO/IEC 27002:2022:

The structure has changed from 114 controls in 14 chapters to 93 controls in 4 chapters:

  • Organizational controls (Chapter 5)
  • People controls (Chapter 6)
  • Physical controls (Chapter 7)
  • Technological controls (Chapter 8)

Changes at the level of controls:

  • 11 new controls
  • 23 controls renamed
  • 24 merged controls (of the original 57)
  • 35 identical controls
  • 0 controls removed

5 new attributes are defined for each control.

The length of the ISO/IEC 27002:2022 standard grew from 88 pages to 162 pages (English original).

The transition period for implementing ISO/IEC 27001:2022 ends on 31 October 2025. At the same time, the Accreditation Body established that one year after the publication of ISO/IEC 27001:2022 (i.e. from 31 October 2023) all new accredited certificates will be issued only according to ISO/IEC 27001:2022.

Consulting

For customers with an existing ISMS according to ISO/IEC 27001:2013, we have a transition plan in place to meet the requirements of the new ISO/IEC 27001:2022, and we provide the following services:

  • analyzing the status of the organization and proposing the next steps for the transition to the new ISO/IEC 27001 standard;
  • identifying, analyzing and assessing risks in relation to the new measures;
  • preparing risk treatment plans;
  • updating the ISMS documentation;
  • implementing the ISMS in the organization’s processes and activities;
  • carrying out internal audits of the ISMS;
  • preparing the organization before audits are carried out by the certification body.

Training

We also provide training on the requirements of ISO/IEC 27001:2022 and ISO/IEC 27002:2022 for:

  • Internal staff
  • Internal auditors
  • External auditors

Contact us and we’ll prepare an individual price offer for you.
 

 
