ISO/IEC 27001:2022 Information Security Management System
Page Information
Contents
ISO/IEC 27001:2022 Information Security Management System
What is ISO/IEC 27001:2022?
ISO/IEC 27001 is an international standard for information security management system established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and the most authoritative international certification standard in the field of information security. It covers information security policy and physical security, information access control, etc.
ISO/IEC 27001 was developed to provide requirements for the establishment, implementation, maintenance, and continuous improvement of the information security management system ISMS (Information Security Management System). Also, Information security management systems are preserving the confidentiality, integrity, and availability of information by applying risk management processes and provide stakeholders with a belief that risks are properly managed.
Recently, institutions that handle important assets such as finance, education, healthcare, telecommunications, portals, and government agencies including public institutions, as well as companies that are subject to external evaluations such as IT management evaluation, credit evaluation, and accounting audit, are continuously obtaining certification. These include companies that manage or operate entrusted customer information.
< ISO/IEC 27001:2022 >
Major revisions
ISO published ISO/IEC 27001:2022 in the second half of 2022. Companies that have previously maintained ISO/IEC 27001:2013 certification must transition by October 25, and ISO 27001:2013 will cease issuing certificates after April 2024.
The main revisions are as follows.1. Change of standard name
The original ISO/IEC 27001:2013 was Information security, cybersecurity, and privacy protection — Information security management systems, but ISO/IEC 27001:2022 was changed to Information security, cybersecurity and privacy protection — Information security management systems.
2. Added clause and Changed Numbers
• Adding a new clause 4.2 c) to determine the requirements of the interested parties addressed through an information security management system (ISMS).
• Adding a new clause 6.3 - Planning for changes, which defines that the changes to the ISMS shall be carried out by the organization in a planned manner.
• The order of the sections of clause 10.1 and 10.2, which are sub-clauses of Section 10 Improvements, has been changed.
3. Term change
Changed and restructured terminology with potential ambiguity.
4. Annex A change
Compared with the old edition, the number of information security controls in ISO/IEC 27002:2022 decreases from 114 controls in 14 clauses to 93 controls in 4 clauses.
For the controls in ISO/IEC 27002:2022, 11 controls are new, 24 controls are merged from the existing controls, and 58 controls are updated.
• Organizational controls(37)
• People controls(8)
• Physical controls(14)
• Technological controls(34)
Necessity of ISO/IEC 27001:2022
With the spread of information communication and the Internet, individual lifestyles and business methods are changing, and as the information society develops, all major tasks depend on information systems. This development has made fast and convenient life and business possible, but as a side effect of rapid informatization, leakage of personal information, leakage of customer information, and leakage of industrial secrets have increased. In preparation for ever-increasing cyber threats, companies need to respond to cyber threats on their own.
ISO/IEC 27001 is a documented set of policies, procedures, processes and systems that manages the risks of data loss from cyber-attacks, hacks, data leaks or theft. Through ISO/IEC 27001 certification, organizations can benefit like below
< Necessity of ISO/IEC 27001:2022 >
1. Customer satisfaction
Realization of customer trust and customer satisfaction through protection of customer information
2. Business continuity
Secure business sustainability and business stability through risk management, legal compliance and vigilance on future security issues and concerns
3. Compliance with laws
Understand how legal/regulatory requirements affect you and your customers, and how to reduce the risk of legal sanctions
4. Risk management
Reliability is secured through independent verification of recognized global industry standards
5. Proof of business reliability
Reliability is secured through independent verification of recognized global industry standards
6. Business expansion
Customers often require a certificate as a condition of delivery, so certification can help you expand your business.
Requirements of ISO/IEC 27001:2022
- 4. Context of the organization
- 5. Leadership
- 6. Planning
- 7. Support
- 8. Operation
- 9. Performance evaluation
- 10. Improvement
- Annex A Information security controls reference
- PreviousFood Safety Culture 23.04.04
- Next[Partner Introduction] Global Personnel Certification 21.09.08
Comment list
There are no registered comments.