Information Security
ISO 27002:2022 Update
In February 2022, the ISO/IEC 27002 Standard was updated by the International Organisation for Standardisation (ISO). ISO 27002:2022 provides a reference set and guidance on information security, cybersecurity and privacy protection controls. URM’s Lisa Dargan presents a short video where she answers the following questions:
What are the key changes from the 2013 version of the Standard?
Lisa looks at the statistics in term of the number of information security controls to be merged and updated, as well as the new ISO 27002 controls. With ISO 27002:2022, controls are now grouped together in 4 themes or categories, rather than 14 clauses and Lisa examines these categories as well as the potentially significant introduction of 5 attributes, where you can assign hashtags to controls to enable you to filter, sort or present controls in different ways.
Why have the changes been made?
Here, Lisa reflects on some of the factors that have led to the changes in ISO 27002 controls (and what will be ISO 27001 controls) such as evolving threat landscape, changing work patterns and the introduction of legislation. Lisa discusses how these factors have influenced not just the type of controls being introduced, but the way the Standard has been structured.
What about the implications for ISO 27001?
ISO 27001 the Specification or Requirements Standard which is used by organisations to certify against is naturally expected to adopt the ISO 27002:2022 controls in full, as part of its Annex A, when it is updated later in 2022. For those organisations already certified, Lisa suggests several key things you should be doing in response to the update of ISO 27002:2022 and the introduction of new ISO 27002/ ISO 27001 controls.
Find out more in our blog: ISO 27002: 2022 Update
ISO 27002:2022 Control Migration Online Course
If you want to learn more about ISO 27002:2022 and how to implement the new controls and the new attributes, you can attend URM’s ISO 27001:2022 Control Migration Course. There are no prerequisites for attending this course. The course is aimed at anyone who needs to understand the changes associated with ISO 27002 and which will be adopted as Annex A of ISO 27001.
Why URM?
Register
Please note, we can only process business email addresses.
Consultancy
Are you planning your ISO 27001 audit programme?
Find out what you will need to carry out in order to have an effective ISO 27001 auditing function and programme
Read more
Consultancy
Do you need any help with ISO 27001 certificate?
URM can help you achieve ISO 27001 certification
Read more
Consultancy
ISO 27002:2022 Support
URM can provide a range of ISO 27002:2022 transition services including conducting a gap analysis, supporting you with risk assessment and treatment activities as well as delivering a 2-day transition training course.
Read more
URM is renowned for helping organisations to achieve the optimum balance when implementing an ISMS.
Find out more
"
This was a good webinar, thank you. Having it as a webinar rather than face to face worked really well and much more convenient with the new standards for travel and cost being put in place etc. The information was useful and well paced. Would be great to get a copy of the slide deck sent out as well. I missed the first minute or so but it would of been good to see an image of who was presenting as well. And you answered my question as well. Thanks
Webinar 'How to Achieve ISO 27001 Certification'