Changes to ISO 27001

ISO 27001 is an international standard that outlines the requirements for an information security management system (ISMS). It provides a framework for organisations to follow in order to securely manage their information and protect it from unauthorised access, use, disclosure, disruption, modification, or destruction.

The previous version of ISO 27001 was ISO/IEC 27001:2013. However, a new version, ISO/IEC 27001:2022, was released in October 2022. Some of the key changes in the updated standard include:

  1. A stronger emphasis on risk management The updated standard places a greater emphasis on risk assessment and the treatment of risk. It also requires organisations to establish a formal risk management process – we’d recommend organisations follow the ISO 31000 risk management process.
  2. New requirements for supply chain security – The updated standard includes new requirements for managing and protecting information throughout the supply chain. Globally, we’ve seen regulators focussing on this. Many regulators have introduced guidelines/regulation around the outsourcing of critical business activities.
  3. A focus on data privacy – The updated standard includes additional requirements related to the protection of personal data and the handling of data breaches. This ties in with the introduction of many pieces of data protection regulations, including GDPR.
  4. Changes to the structure and organization of the standard – The updated standard has a new structure, with a more logical flow and clearer language.

It is important for organizations that are currently certified to ISO 27001:2013 to be aware of these changes and to prepare for the transition to the updated standard. This may involve updating their ISMS to meet the new requirements and undergoing a recertification process.

To learn more about how the CalQRisk solution can assist with cybersecurity risk management, ISO 27001 compliance and more, request a free tailored demo.


Recent News

CalQRisk Wins Best RegTech Solution at National Fintech Awards

CalQRisk, a leading provider of Governance, Risk & Compliance solutions has won the ‘Best Regtech Solution Award’ at ...
Read More

CalQRisk shortlisted in National Fintech Awards

The CalQRisk solution is shortlisted for ‘Best Regtech Solution Award’ at the inaugural National Fintech Awards. The National ...
Read More

CalQRisk shortlisted in 2023 CIR Risk Awards

Having won ‘Risk Management Product of the Year’ at the 2022 CIR Risk Management Awards, CalQRisk is now ...
Read More

From Risk Capacity to Risk Appetite

Risk Capacity is the maximum amount of risk that an organisation is technically able to assume before breaching ...
Read More

SMT automates their approach to Risk Management with CalQRisk

SuMi TRUST Global Asset Services (“SMT”), a subsidiary of Sumitomo Mitsui Trust Bank Limited, one of the largest ...
Read More

Digital Operational Resilience for the Financial Sector Act (DORA)

The Digital Operational Resilience Act (DORA) entered into force on 16th  January 2023. It outlines EU regulations for information ...
Read More

8 Things to Consider in a Data Breach Response

A data breach can lead to reputational damage, financial losses and much more. By effectively preventing and investigating ...
Read More

The Golden Thread – Governance, Risk & Compliance

A joined-up approach to governance, risk and compliance (GRC) is something all GRC practitioners aspire to – but, ...
Read More

Dark Patterns, Hidden in Plain Sight

If you’ve spent any time on the internet, chances are you will have experienced ‘Dark Patterns’ and may ...
Read More

Over 100 Credit Unions Now Using CalQRisk

CalQRisk now has over 100 credit unions actively using their Governance, Risk Management and Compliance solution across the ...
Read More