In this episode, Howard and Jim review the changes in ISO 27001:2022, Information Security Management Systems Requirements
Items discussed include:
- ISO 27001 - Information Security Management System was the pioneer in what was first known as the High Level Structure, is now called the Harmonized Structure, as it was developed for all the other standards to be built on.
- The breadth of changes in the Clauses:
- 4.2 - Interested Parties (minor tweak);
- 4.4 - Description of the Entire System (additional information added);
- 6.1 - Risk Management (additional information and clarification);
- 6.2 - Information Security Objectives (additional information and clarification);
- 6.3 - Change Management (new clause);
- 7.4 - Communication (minor tweak);
- 8.1 - Operation Planning (rewritten);
- 9.1 - Monitoring (additional information);
- 9.2 - Internal Auditing (expanded with new information);
- 9.3 - Management Review - (expanded)
- Annex A - Controls. They have been reorganized from 14 categories to 4 categories and have been reduced from 114 controls to 93:
- Clause 5 - Organization Controls (37)
- Clause 6 - People Controls (8)
- Clause 7 - Physical Controls (14)
- Clause 8 - Technological Controls (34)
- ISO 27002, the guidance document for Annex A (more in the next episode!)
- The benefit of beginning recertification sooner rather than later
What's in Store For The Next Episode
- Our topic is ISO 27002:2022 - Security Techniques, the newly updated guidance document for ISO 27001:2022 Annex A
- Next Steps
Click here to visit the SimplifyISO website to discover how this cloud-based management system will satisfy all the Standards requirements, client requirements, and any other ISO requirements that need to be met.
More about Jim Moran
More about Howard