What is the difference between ISO 27001:2022 and ISO 27001:2013?


ISO 27001 is the internationally recognized standard against which an Information Security Management System (ISMS) is certified. The 2022 revision of the standard brought several changes and updates. This article explores the key differences between the 2022 version and the 2013 version it supersedes (the transition period for ISO 27001:2013 certificates ended on 31 October 2025, after which certification is only possible against ISO 27001:2022).
One of the most significant changes in ISO 27001:2022 is the restructuring of Annex A, which now follows ISO/IEC 27002:2022. The number of controls drops from 114 in ISO 27001:2013 to 93 in ISO 27001:2022, and the 14 domains of the 2013 version are replaced by four themes: Organizational (37 controls), People (8), Physical (14) and Technological (34). Eleven controls are new: threat intelligence, information security for use of cloud services, ICT readiness for business continuity, physical security monitoring, configuration management, information deletion, data masking, data leakage prevention, monitoring activities, web filtering and secure coding. The remaining reduction comes from merging and renaming existing controls rather than dropping them, so no 2013 control was removed outright; the aim is to better reflect current IT environments and modern risks. In practice this means an organization transitioning from the 2013 version must re-map its Statement of Applicability and risk treatment plan to the new control set, assess the eleven new controls and document any exclusions, but it does not have to discard existing control implementations.
The overall structure of ISO 27001:2022 remains similar to ISO 27001:2013: both versions are built on the same ten numbered clauses (Clauses 1 to 10), with the mandatory ISMS requirements in Clauses 4 to 10. The 2022 version makes minor rewordings and reorderings of clauses to align with the Harmonized Structure used by other ISO management system standards.
ISO 27001:2022 introduces new requirements in several clauses. Clause 4.4 now requires organizations to establish, implement, maintain and continually improve the ISMS "including the processes needed and their interactions". Clause 6.3 adds a new section, "Planning of changes", requiring that changes to the ISMS be carried out in a planned manner. Among the smaller changes, Clause 8.1 now refers to controlling "externally provided processes, products or services" rather than only outsourced processes, Clause 9.3 (management review) now explicitly includes changes in the needs and expectations of interested parties as an input, and Clause 10 reorders its subclauses so that 10.1 is "Continual improvement" and 10.2 is "Nonconformity and corrective action".
ISO 27001:2022 has also been updated to align more closely with other ISO management system standards, which helps organizations integrate their ISMS with, for example, an ISO 9001 or ISO 22301 management system. The 2022 version includes updated terminology and references to ensure consistency with those standards. For example, Clause 3 (Terms and definitions) no longer lists definitions itself but refers to ISO/IEC 27000 and adds links to the ISO Online Browsing Platform and the IEC Electropedia terminology databases.
While ISO 27001:2022 brings several updates and changes, the core principles of establishing, implementing, maintaining and continually improving an ISMS remain the same. The new version aims to provide clearer guidance, a control set that better matches current threats, and better alignment with other ISO standards, making it easier for organizations to manage their information security effectively.
CMI is a pre-certification assessment for ISO 27001:2022 that gives you an expert review of your ISMS to improve your security posture. If you would like to know more about CMI, please reach out by email: contact@certifymyisms.com.
Did you know? Our security consulting service uses artificial intelligence to better serve the security needs of clients, improve the security posture of businesses and deliver better results in a shorter period of time.