Changes to ISO 27001

ISO 27001 is an international standard that outlines the requirements for an information security management system (ISMS). It provides a framework for organisations to follow in order to securely manage their information and protect it from unauthorised access, use, disclosure, disruption, modification, or destruction.

The previous version of ISO 27001 was ISO/IEC 27001:2013. However, a new version, ISO/IEC 27001:2022, was released in October 2022. Some of the key changes in the updated standard include:

  1. A stronger emphasis on risk management The updated standard places a greater emphasis on risk assessment and the treatment of risk. It also requires organisations to establish a formal risk management process – we’d recommend organisations follow the ISO 31000 risk management process.
  2. New requirements for supply chain security – The updated standard includes new requirements for managing and protecting information throughout the supply chain. Globally, we’ve seen regulators focussing on this. Many regulators have introduced guidelines/regulation around the outsourcing of critical business activities.
  3. A focus on data privacy – The updated standard includes additional requirements related to the protection of personal data and the handling of data breaches. This ties in with the introduction of many pieces of data protection regulations, including GDPR.
  4. Changes to the structure and organization of the standard – The updated standard has a new structure, with a more logical flow and clearer language.

It is important for organizations that are currently certified to ISO 27001:2013 to be aware of these changes and to prepare for the transition to the updated standard. This may involve updating their ISMS to meet the new requirements and undergoing a recertification process.

To learn more about how the CalQRisk solution can assist with cybersecurity risk management, ISO 27001 compliance and more, request a free tailored demo.

 

Recent News

Paralympics Ireland choose CalQRisk to streamline their Governance, Risk & Compliance efforts 

Paralympics Ireland has recently implemented the CalQRisk solution to streamline their Governance, Risk Management and Compliance efforts.  Paralympics ...
Read More

Changes to ISO 27001

ISO 27001 is an international standard that outlines the requirements for an information security management system (ISMS). It ...
Read More

DORA – What you need to know

The purpose of the EU’s new Digital Operational Resilience Act (DORA) is to ensure the safety and security ...
Read More

ILCU and CalQRisk form Alliance

The Irish League of Credit Unions (ILCU) has collaborated with CalQRisk to offer a best-in-class governance, risk management ...
Read More
Database

Top Cyber Risks in 2023

In 2023, there are several cyber risks of which organisations and individuals should be aware. These risks can ...
Read More
office meeting at sunrise

10 Things to Ask When Outsourcing / Choosing a Supplier

Many organisations choose to outsource critical functions or services to third parties/contractors. However, outsourcing the work does not ...
Read More
risk assessment

Top Risks for Charities in 2023

As charities work to address some of society’s most pressing issues, they are faced with a wide range ...
Read More
financial growth - money sprouting a seed

Featured Risk – Failure to appropriately address Climate Risk and broader ESG issues

Risk is the effect of uncertainty on objectives. Climate change, along with its broader environmental, social and governance ...
Read More

CalQRisk wins CIR Risk Management Product of the Year

CalQRisk, an Irish-developed software application, has won Risk Management Product of the Year in the recent Risk Management ...
Read More
Database

How to Prepare for Cyber Attacks

The potential for cyber-attacks is an ever-increasing concern. Daily, there are stories about organisations, both large and small ...
Read More