ISO/IEC 27002: 2022 – changes you need to know about.
News and information from the Advent IM team.
From Advent IM Security Consultant, Leighton Hughes
ISO/IEC 27001 is an international information security standard that assists organisations in managing their information security. First published in 2005 (replacing ISO/IEC 17799) it was reviewed and updated in 2013. ISO 27001 details the requirements for organisations in establishing, implementing, and maintaining the continuous improvement of their Information Security Management System (ISMS), with the aim of ensuring that the information they hold is secure. ISO 27002, which is used in conjunction with ISO 27001, provides guidance to organisations on how to implement the security controls that are listed in Annex A of ISO 27001.
This year, we will see ISO 27002 receive its latest update, with the current iteration dating from 2013. The latest update has been in the works for 5 years, and has taken place over 10 meetings, with 3 working drafts and 2 committee drafts, and has resolved over 10,000 comments made by around 200 experts.
This will bring the standard up to date with technological requirements, a lot has changed in the last 9 years. Advances in technology have been widescale and so we need to ensure we can maintain information assets’ confidentiality, integrity, and availability as the threat to them and the tools in play, are ever-evolving.
Download our, What We Know So Far document.