Stay Ahead with ISO 27001:2022:

Your Guide to Seamless Transition and Implementation.

On Tuesday, October 25th, 2022, ISO released the updated ISO 27001:2022 Information Security Standard, replacing ISO 27001:2013 through a managed transition. The International Accreditation Forum (IAF) has stipulated a 3-year Transition Period for organizations certified to ISO 27001:2013. During this period, both old and new standards remain valid, but certified organizations must transition to the new standard before its completion. This transition ensures alignment with the latest standards and requirements set forth by ISO and IAF.

What has changed in ISO 27001:2022?

Minor changes within the body of the ISO 27001 standard have been made to better align with the harmonised structure for management system standards (i.e., Annex SL). Of note, changes have been made in the following requirements:

4.2 Understanding the needs and expectations of interested parties

4.4 Information security management system

6.2 Information security objectives and planning to achieve them

6.3 Planning of changes

9.1 Monitoring, measurement, analysis, and evaluation

9.3.2 Management review inputs

The Annex A controls have been regrouped from 14 control objectives to the following 4 broad themes:

  1. Organisational (37 Controls)
  2. People (8 Controls)
  3. Physical (14 Controls)
  4. Technological (34 Controls)

Also, 11 new controls have been added within the total of 93; however, not all of these controls will need to be used. We can help and guide you to determine which apply, and to document this in the ISO 27001:2022 “Statement of Applicability”.

The 11 new controls added to ISO 27001:2022 are:

  1. Threat intelligence
  2. Information security for use of cloud services
  3. ICT readiness for business continuity
  4. Physical security monitoring
  5. Configuration management
  6. Information deletion
  7. Data masking
  8. Data leakage prevention
  9. Monitoring activities
  10. Web filtering
  11. Secure coding

ISO 27001:2022 Transition Process

We plan to maintain a clear transition approach that is easy for our clients to comprehend and apply. Our goal is to provide organisations with the guidance and tools to make the transition from ISO 27001:2013 to ISO 27001:2022 as smooth as possible.

The transition process for ISO 27001:2022 includes three primary deliverables:

  1. Initial Meeting: This will be with our IRCA-qualified consultant to discuss the changes and how they will impact the organisation; what changes will need to be made to the management system documentation (MSD); and which of the new controls will apply, along with what the organisation needs to do to become compliant.
  2. Management System Documentation: Creation of new and/or amended MSD, along with support for the work you need to undertake to review and agree the new and/or amended MSD. This includes the Statement of Applicability (SOA).
  3. Presentation of Management System: Formal handover and presentation of the new ISO 27001:2022 Management System.

Once our consultancy work is complete, we estimate you will require between 2 and 12 weeks to evidence that you are following the ISO framework before certification is audited and issued. We can assist with this through either an independent certification body (QAS International) or your chosen UKAS Certification Body.

Please note that all work carried out by our consultants will meet both independent and UKAS certification standards.

Maintaining the system will also require an annual surveillance audit by a Certification Body.

In order to discuss this further, please book an ISO Benefits Review.

Is ISO 27001 an investment, or a cost?

ISO 27001 should be seen as an investment, not as a cost to your business. It is an investment in the following:

  • Your Company: Win more business, increase profits, control costs, protect your own, your customers' and other interested parties' information and data, and protect against potential fines, loss of reputation or other damages relating to governance and compliance, as well as protecting your reputation and brand.
  • Your Employees: Influence operational performance, protect and safeguard your people, enable them to have a clear understanding of their role and responsibility where information and data security is concerned, and internally motivate and enhance performance.
  • Your Customers: Demonstrate reliability and high quality of service, reduce security incidents and risks, improve services, meet and exceed service level agreements, and assure customers that they are working with an information and data security focused supplier.
  • Your Future! Protect your own and your customers' information and data, ensure that your business can continue to operate, prove your credentials to a global market, and grow and develop in a controlled way!

At AEC, we offer a clear and structured 5-step approach to ISO implementation, utilising our ISO Management Platform (IMSMLoop) to ensure a smooth and efficient process for your organisation across a wide range of ISO standards. Rest assured that the investment quotation we supply for the development of the ISO management system is fixed: there will be no additional or hidden charges, regardless of the duration or complexity of your business.

Client Feedback and Review

This section highlights testimonials and evaluations from our clients, showcasing how we continuously strive to enhance our services. Your feedback helps us grow and ensures we meet your needs effectively.
