ISO 27001:2022 Transition

The new version of ISO 27001 is here: ISO/IEC 27001:2022. The digital landscape is changing, with new business practices, cloud computing and remote working. In response, the relevant standards for information security, ISO/IEC 27001 (Information Security Management) and ISO/IEC 27002 (Controls for Information Security), have been updated to reflect this evolution.

If you are already certified to ISO 27001, you will need to plan for transition to the new standard, and Spritzmonkey can help.

 

Need help?

Please contact us to arrange a telephone or face-to-face appointment to discuss your needs.

What’s changed?

Key changes in this revision come in Annex A, reflecting the changes made in ISO/IEC 27002:2022. These changes are:

  • The structure has been consolidated into four key areas: Organisational, People, Physical and Technological. There were 14 in the previous edition.

  • The number of controls listed has decreased from 114 to 93, although less is more. Some controls have been merged or updated, some have been removed and new ones have been introduced.

  • The concept of attributes has been introduced.

There are editorial changes, including:

  • “International standard” replaced with “document” throughout

  • Re-arranging of some English phrases to allow for easier translation

There are also changes to align with the ISO harmonised approach:

  • Numbering has been re-structured.

  • A requirement to define the processes needed for implementing the ISMS, and their interactions, has been added.

  • An explicit requirement to communicate organisational roles relevant to information security within the organisation has been added.

  • New clause 6.3 added – Planning of Changes.

  • There is a new requirement to ensure the organisation determines how to communicate as part of clause 7.4.

  • There are new requirements to establish criteria for operational processes and to implement control of the processes.

Making the transition with Spritzmonkey

Spritzmonkey’s committed, experienced and supportive consultants understand the standards and can apply them with in-depth technical knowledge and experience so you and your customers can be confident that you are secure. 

We have already implemented new management systems to the new standards and assisted existing clients to plan for their transition, making the necessary changes.

From the outset we aim to build open and honest relationships with clients. By listening to you and adopting a flexible, straightforward approach, we work with you to understand your business, how it works and its culture. That way, no matter what industry you are in, we can tailor our services to suit your needs and fit in with how you and your teams work.

Our consultants have backgrounds in IT and Cyber Security across many different sizes and types of organisation; we have the knowledge of best practice guidance and the current threat landscape to understand the standards and apply them effectively to your business in a way that maximises the benefits.

Spritzmonkey, a BSI Associate Consultant, is certified to Cyber Essentials and IASME Governance Standard Gold and is a member of a number of relevant trade organisations including Cyber Exchange. We are recognised by many leading audit bodies including BSI, LRQA, Centre for Assessment and Alcumus ISOQAR.
