The ISO Review Podcast

ISO 27001:2022 - Here's What to Look For...

November 15, 2022 Jim Moran / Howard Fox Season 1 Episode 9

In this episode, Howard and Jim review the changes in ISO 27001:2022, Information Security Management Systems Requirements.

Items discussed include:

  • ISO 27001 - Information Security Management System was the pioneer in what was first known as the High Level Structure and is now called the Harmonized Structure, as it was developed for all the other standards to be built on.
  • The breadth of changes in the Clauses:
    • 4.2 - Interested Parties (minor tweak); 
    • 4.4 - Description of the Entire System (additional information added); 
    • 6.1 - Risk Management (additional information and clarification); 
    • 6.2 - Information Security Objectives (additional information and clarification); 
    • 6.3 - Change Management (new clause);
    • 7.4 - Communication (minor tweak);
    • 8.1 - Operation Planning (rewritten);
    • 9.1 - Monitoring (additional information); 
    • 9.2 - Internal Auditing (expanded with new information);
    • 9.3 - Management Review (expanded)
  • Annex A - Controls. They have been reorganized from 14 categories to 4 categories and have been reduced from 114 controls to 93:
    • Clause 5 - Organization Controls (37)
    • Clause 6 - People Controls (8)
    • Clause 7 - Physical Controls (14)
    • Clause 8 - Technological Controls (34)
  • ISO 27002, the guidance document for Annex A (more in the next episode!)
  • The benefit of beginning recertification sooner rather than later

What's in Store For The Next Episode

  • Our topic is ISO 27002:2022 - Security Techniques, the newly updated guidance document for ISO 27001:2022 Annex A

  • Next Steps
    Click here to visit the SimplifyISO website to discover how this cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that need to be met.
