The updated edition of ISO/IEC 27001

On the 25th of October 2022, ISO published the updated edition of its reference standard for information security management systems, ISO/IEC 27001.

The 2022 edition will replace the previous version of ISO/IEC 27001 from 2013.

However, ISO/IEC 27001:2022 is not a fully revised edition. The changes are limited and mostly concern the information security controls in Annex A of the standard. Instead of 114 security controls, there are now only 93, divided into 4 themes (organizational controls, people controls, physical controls and technological controls). Some of the controls from the previous edition of ISO/IEC 27001 have been eliminated, others have been merged, and there are 11 new security controls in the 2022 edition.

Considering that the impact of the changes brought by the 2022 edition of ISO/IEC 27001 is limited, we do not anticipate major difficulties for our certified clients in updating their ISMSs.

The IAF has established a transition period of 3 years to migrate all existing certifications to the new edition of ISO/IEC 27001.

We estimate that in the second part of 2023 RIGCERT will be in a position to issue accredited certifications to the 2022 edition of ISO/IEC 27001.

For any other information about the new edition of ISO/IEC 27001 and about the transition process, please do not hesitate to contact us at office@rigcert.org.