ISO/IEC 27001:2022
Published on 25 October

On 25 October 2022, the International Organization for Standardization published the latest version of ISO 27001 and updated its title to ‘Information security, cybersecurity and privacy protection — Information security management systems — Requirements’. In line with its title, this latest version of ISO 27001 reflects a broader context in which preventing, detecting and responding to cyberattacks is now considered, as well as protecting information and data.

The 2022 version of the Standard provides the updated requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of your organisation.

What are the key changes?

The major change to the Standard has been the incorporation of the control set from ISO 27002:2022 into Annex A of ISO 27001:2022.  Naturally, threats change over time and the new Annex A controls reflect some of the threats that have emerged since the 2013 version was published, e.g., the increasing range of cyber-related threats and moves towards home and remote working.

There have also been a number of changes to the management system clauses, with the goal of making some of the requirements more explicit and improving the alignment (structure, terms and definitions) with other Annex SL standards, such as ISO 9001 and ISO 22301.

How URM can help

URM is ideally placed to help organisations certify against the updated Standard.  Should you already be certified to ISO 27001:2013, we can provide you with the following practical support to help you quickly and seamlessly transition to the 2022 version of the Standard:

Not certified?

If you are not certified, there has never been a better time to develop an information security management system and achieve certification. If you would like to understand more about the benefits and what’s involved in implementing ISO 27001, please register your interest here and we will be in touch.

Webinar: GDPR Webinar – Back to Basics
11:00 am, Wednesday 07 December 2022

Understanding what you need to do in order to comply with the Regulation, in plain and clear language, is difficult to find. URM is holding a webinar designed to guide organisations on their journey to compliance with both the UK and EU GDPR.

Webinar: ISO 27001:2022 – What’s new?
11:00 am, Wednesday 18 January 2023

In this webinar, URM will provide you with a high-level assessment of the changes in the latest version of ISO 27001, homing in on those changes which are likely to be the most challenging to address.


Penetration Tests – How to Maximise Your Investment

Published: November 2022

URM provides practical advice on what your organisation can do in the various phases of a penetration test in order to improve the effectiveness of penetration tests, reduce the costs and more...


ISO/IEC 27001:2022 Key Changes

Latest update: 23 Nov 2022

Following the publication of ISO/IEC 27001:2022 on 25 October 2022, this blog will provide you with our high-level analysis of the key changes.

Information Security, updated: 23/11/2022
What are the Primary Objectives of the Controls Detailed in Annex A of ISO 27001:2013?  

Annex A of ISO 27001 comprises 114 controls which are grouped into the following 14 control categories. Each of the 14 categories and provide you with a clear explanation of the primary objective...

Information Security, updated: 25/10/2022
What are the ‘Real World’ Benefits of Implementing ISO 27001?

In this blog, we want to dig a bit deeper into the benefits that are gained from implementing the Standard and from achieving certification...

Data Protection, updated: 6/10/2022
Avoiding Email Data Security Breaches

For all of us, email can be both a blessing and a curse. On one hand you have the speed and convenience of communication, and on the other hand you have a significant information security risk...

"Having never gone through the Cyber Essentials Plus process on behalf of a client I was very impressed with how the process went on testing day and I can't wait to take other clients through the process with URM."