The ISO/IEC 27001 standard was updated in 2022 (ISO/IEC 27001:2022, published in October 2022). Here are the updates in a nutshell.
The main body of the standard has 11 sections: an unnumbered introduction followed by 10 numbered clauses, of which clauses 4 to 10 contain the mandatory requirements for the ISMS;
- Scope
- Normative references
- Terms and definitions
- Context of the organization
- Leadership
- Planning
- Support
- Operation
- Performance evaluation
- Improvement
Annex A lists a total of 93 controls, grouped into four themes;
- Organizational (37 controls)
- People (8 controls)
- Physical (14 controls)
- Technological (34 controls)
Important changes
Annex A is now organized into 4 themes (organizational, people, physical, technological), compared to the 14 control domains in the 2013 version. The control numbering follows ISO/IEC 27002:2022, which is the implementation guidance for these controls.
The total number of controls is reduced from 114 to 93. No security topic was dropped: the reduction comes from merging similar controls from the 2013 version and from wording updates, so an existing 2013 Statement of Applicability needs to be re-mapped rather than shortened.
11 new controls are added to address the evolving cyber threat landscape.
The 11 new controls, with their Annex A numbers, are;
- 5.7 Threat intelligence
- 5.23 Information security for use of cloud services
- 5.30 ICT readiness for business continuity
- 7.4 Physical security monitoring
- 8.9 Configuration management
- 8.10 Information deletion
- 8.11 Data masking
- 8.12 Data leakage prevention
- 8.16 Monitoring activities
- 8.23 Web filtering
- 8.28 Secure coding
There are minor text changes to the mandatory clauses (4–10) to align with the Annex SL harmonized structure used by other management system standards such as ISO 9001; the most visible one is the new clause 6.3, Planning of changes, which requires changes to the ISMS to be carried out in a planned manner.
To conclude, there are no major changes in the 2022 version apart from the restructured Annex A and the new controls added to it. Organizations certified against the 2013 version have a three-year transition period, ending 31 October 2025, to move to the 2022 version.
Stay tuned for my upcoming series of posts, where I will deep dive into the controls in Annex A.