11 most important facts about changes in ISO 27001/ISO 27002

Update 2022-02-16: This blog post has been updated since the official ISO 27002:2022 revision was published on February 15, 2022.

ISO 27001 and ISO 27002 are being updated during 2022, so there is great interest in what will change.

Here are the most common questions we typically get, and the detailed explanations.

Main changes in ISO 27001:2022:
  • The main part of ISO 27001, i.e., clauses 4 to 10, is not changing
  • Only the security controls listed in ISO 27001 Annex A will be updated
  • The number of controls has decreased from 114 to 93
  • Controls are placed in 4 sections instead of the previous 14
  • There are 11 new controls, while none of the controls were deleted, and many controls were merged

1) What exactly is changed in ISO 27001:2022 and ISO 27002:2022?

The main part of ISO 27001, i.e., clauses 4 to 10, is not going to change. These clauses include the scope, interested parties, context, information security policy, risk management, resources, training & awareness, communication, document control, monitoring and measurement, internal audit, management review, and corrective actions.

Only the security controls listed in ISO 27001 Annex A and in ISO 27002 will be updated.

In general, the changes are only moderate and were made primarily to simplify the implementation: the number of controls has decreased from 114 to 93, and they are placed in 4 sections instead of the previous 14. There are 11 new controls, while none of the controls were deleted, and many controls were merged.

Changes in ISO 27001:2022 Annex A will be fully aligned with changes in ISO 27002:2022; you can read the details about the changes in controls here: Main changes in the upcoming new version of ISO 27002.

2) What is the difference between ISO 27001 and ISO 27002?

*** This is a Security Bloggers Network syndicated blog from ISO 27001 & ISO 22301 Blog – 27001Academy authored by ISO 27001 & ISO 22301 Blog – 27001Academy. Read the original post at: https://advisera.com/27001academy/blog/2022/02/09/iso-27001-iso-27002/