It has been a long time coming! The upgrade to the international standard for information security management systems, ISO27001:2013, is here (almost).

Hallelujah!

If you’re reading this article, then there’s a reasonable assumption that you know what ISO27001 is and you’re not going to be too worried about the back story. But let’s all be clear on a couple of points.

The current version of the Information Security Management Standard is ISO27001:2013. 

The last update to the standard was 2017 when (for some reason) a committee of information security specialists were required to change about three words and add a couple of ‘full-stops’ (!). Yes, I’m being flippant here! I’m sure it was just an oversight and not some cynical opportunity to get professionals (like me) very excited and to rush out and spend almost £200 for nothing more than a cosmetic change! (All I’m saying is that many of our hairstyles have seen more change in the last five years than this standard.)

So… here we are. 2022. Te news that has been circulating around the hallowed halls of Information Security Central is that the NEW version of ISO27001 is almost with us!

It’s a Date!

It is highly anticipated that ISO27002 will be with us in January 2022 and that ISO27001 will be with us in March 2022.

Why Is This Important?

ISO27002 is the guidance on implementing the controls (normally referred to as ‘Annex A Controls’), and it therefore provides us with insight into the changes.

ISO27001 is the actual certification standard for an organization.

(If anyone says that they are “ISO27002 Certified,” you have my permission to smile wryly and politely move away quickly.)

What Do We Know So Far?

Ok, so you have recently been certified to ISO27001:2013. Congratulations! But (Read more...)