ISO27001 has been updated – Version 2022

March 18, 2023

The international standard for Information Security Management (ISO27001) received a significant update from the previous 2013 version of the standard.

Summary of Changes:

Main changes in the ISO 27001 2022 revision:

  • The main part of the ISO 27001 standard, i.e., clauses 4 to 10, has been slightly changed.
  • The changes to the Annex A security controls are not extensive.
  • The number of security controls has decreased from 114 to 93.
  • The security controls are now placed into only 4 sections, instead of the previous 14.
  • There are 11 new controls; none of the previous controls have been deleted, but many controls have now been merged.

Changes to the Management System:

The following table represents the key changes to the management system.

New requirements in the main part of the standard:

  • 4.2 c) – Requirements of interested parties to be addressed through the ISMS
  • 6.3 – Planning of changes
  • 8.1 – Establishing criteria for processes and implementing control for them
  • 9.3.2 c) – Management review input – changes in needs and expectations of the interested parties

Changes in Annex A Security Controls:

[Screenshot: table of changes in Annex A security controls]

New Security Controls:

[Screenshot: list of the new security controls]

Transition to the new version of the standard:

Companies that are certified to the 2013 standard have effectively up to three years to transition to the 2022 standard, i.e., by October 31, 2025.

How can we help?

We can assist you with this transition. We have a number of experienced ISO27001 professionals who can work with your team to manage the transition and ensure that you maintain the standard.

Author – George Harris – ISO27001 Consultant.
