Changes to ISO 27001


ISO 27001 is an international standard that outlines the requirements for an information security management system (ISMS). It provides a framework for organisations to follow in order to securely manage their information and protect it from unauthorised access, use, disclosure, disruption, modification, or destruction.

The previous version of ISO 27001 was ISO/IEC 27001:2013. However, a new version, ISO/IEC 27001:2022, was released in October 2022.

Key Changes in the Updated Standard

1. A Stronger Emphasis on Risk Management

The updated standard places a greater emphasis on risk assessment and the treatment of risk. It also requires organisations to establish a formal risk management process – we'd recommend organisations follow the ISO 31000 risk management process.

2. New Requirements for Supply Chain Security

The updated standard includes new requirements for managing and protecting information throughout the supply chain. Globally, we've seen regulators focussing on this area: many have introduced guidelines and regulations around the outsourcing of critical business activities.

3. A Focus on Data Privacy

The updated standard includes additional requirements related to the protection of personal data and the handling of data breaches. This ties in with the introduction of many pieces of data protection regulation, including GDPR.

4. Changes to the Structure and Organisation of the Standard

The updated standard has a new structure, with a more logical flow and clearer language.

Preparing for the Transition

It is important for organisations that are currently certified to ISO 27001:2013 to be aware of these changes and to prepare for the transition to the updated standard. This may involve updating their ISMS to meet the new requirements and undergoing a recertification process.

To learn more about how the CalQRisk solution can assist with cybersecurity risk management, ISO 27001 compliance and more, request a free tailored demo.
