ISO 27001 – What’s New?

Cybersecurity threats are escalating and can have major effects on organizations. The International Organization for Standardization (ISO) developed standards to provide solutions to these types of global challenges. 

A newly updated version of ISO 27001 will soon be hitting the streets! On February 15, 2022, ISO issued an update to ISO 27002 (the implementation guidance for the ISO 27001 Annex A security controls). The goal was to make the standards more relevant and up to date with the latest technologies and security threats. The changes will also make it easier for organizations to comply with the standard. We can anticipate the corresponding changes coming to ISO 27001:2022 later this year.


Overview of Expected ISO 27001:2022 Annex A Security Control Updates

If you’re a security practitioner dealing with ISO 27001, you’re probably wondering what new things you will need to implement as part of the changes that will be made to this standard in 2022. 


ISO 27002 has introduced guidance for 11 new controls that are set to be introduced in the ISO 27001:2022 version of the standard.


The new controls include:  


  • A.5.7 Threat intelligence 

  • A.5.23 Information security for use of cloud services 

  • A.5.30 ICT readiness for business continuity 

  • A.7.4 Physical security monitoring 

  • A.8.9 Configuration management 

  • A.8.10 Information deletion 

  • A.8.11 Data masking 

  • A.8.12 Data leakage prevention 

  • A.8.16 Monitoring activities 

  • A.8.23 Web filtering 

  • A.8.28 Secure coding 


When do the changes take place? What does this mean for my organization?  

The new version of ISO 27001:2022 is expected to be officially published in October of this year. For organizations curious as to how this may affect their existing ISO 27001:2013 certifications, know that there is generally a two-year grace period following the publication of a new ISO revision that will allow ample time for adjustments to be made.  


For organizations that are looking to be certified to ISO 27001 soon, it is still advised to pursue the ISO 27001:2013 version. This will allow you to implement the needed requirements and meet any contractual obligations in the immediate future while giving you a strong platform to build on for any upcoming revisions.


Benefits of ISO 27001 Certification

Is your organization looking to get ISO 27001 certified? Look no further! Kreative can help. We strongly recommend certification for any organization, no matter the industry. ISO 27001:2013 certification offers an internationally recognized framework for protecting your information security. Becoming certified provides substantial benefits and security risk reduction for your organization.


Key benefits include:  


  • Improved security – By identifying and addressing information security risks, organizations are better positioned to protect their data and reduce the risk of a data breach. 

  • Address global customer requirements – Having ISO 27001 certification can help an organization meet the security compliance requirements of global customers. 

  • Competitive advantage – Demonstrating that your organization meets the highest standards for information security increases trust and transparency with your customers.

  • Mitigate risks – Certification can help mitigate the risk of cyberattacks and data breaches, which may cause organizations to lose customers, incur regulatory fines, and suffer damage to their brand and reputation.


How can Kreative help? 

Choosing the right consultant is critical to an organization’s success. Our trusted and experienced team collaborates with organizations to develop a comprehensive and defensible compliance program to meet various security standards. 
We can help existing clients during the transition and can help new clients get their certification. Stay tuned for ongoing updates and news on all things related to ISO 27001! 

