Cloud computing and dependence on cyber storage have become prevalent across all industries. The systematic shift to cloud computing has helped several companies enhance and strengthen their strategies. At the same time, it has increased the potential for risk. Cyber and information security risks need a thorough and careful assessment. For this, the industry standard for information security management systems (ISMS), defined by ISO 27001, delivers a well-planned and structured framework. This systematic framework is critical for optimal data security, risk management, privacy compliance, and operational assurance.
The objective of ISO 27001 is to provide a comprehensive and robust ISMS framework to promote the management measures of data security requirements.
The 2022 update to ISO 27001 was introduced to strengthen the existing ISMS. The challenges and gaps in the previous clauses and framework of the ISO 27001 certification made the changes necessary. The alterations to the ISMS framework cover all the critical aspects related to potential threats, cybersecurity, and privacy obligations. The framework is undoubtedly complicated, but the correct transition approach simplifies it.
The certification under the updated norms is now termed ISO/IEC 27001:2022 for Information Security, Cybersecurity, and Privacy Protection. Annex A of ISO/IEC 27001 has the greatest number of changes, but there are other alterations. The significant changes in the certification include the following –
Annex A has undergone the most changes. The new version of ISO 27001 Annex A is comprehensive and has been revised thoroughly. The number of controls in ISO 27001 has been reduced to 93 from 114, and the control measures have been categorized into four sections.
The segmentation has helped in simplifying the security attributes and eliminating possible repetitions. The new sections of the updated version of ISO 27001 contain the –
Simply put, 35 controls were not altered and, among the rest, 23 controls were renamed. 57 controls were combined to create 24 new controls. Besides these, 11 controls were added as new parts of the ISO framework.
The five attributes introduced in the ISO 27001 updated framework are – Control type, Information security properties, Cybersecurity concepts, Operational capabilities, and Security domains.
These help organizations recognize the current status of their ISMS and systematically identify its shortcomings. They also facilitate the adoption of updated security measures and ideal practices for efficient business operations.
Get a chance to streamline the security measures and improve the ISMS with a trouble-free transition from the older framework to the updated ISO 27001 norms of 2022. With IRQS, you can seek a solution for a transition audit. Get a systematic and expert-led service for the transition audit and streamline the process. The auditor helps recognize the requirements and highlight the shortcomings for a better transition to the updated norms.