
Know Your Compliance

All you need to know about the newly released ISO 27001:2022

ISO/IEC 27001:2022 is the latest version of the international standard for Information Security Management Systems (ISMS). It is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), was released in October 2022, and replaces ISO/IEC 27001:2013. Organizations certified against the 2013 edition have a transition period ending 31 October 2025 to move to the new edition.

It is one of the most widely adopted global standards guiding organizations on how to implement technology, how to develop and enforce processes, and how to address the people who are both key stakeholders and the first line of cyber defense in any organization.

By addressing People, Process, and Technology (PPT) together, and by requiring that the Confidentiality, Integrity, and Availability (CIA) of the organization's information be protected, the standard sets out a comprehensive and precise framework for shaping an organization's security posture.

The new ISO 27001:2022 standard addresses key aspects of cyber security, governance, and technology that organizations must deal with in an era where threats keep evolving and becoming more complex. The most visible change is in Annex A: the reference control set has been reorganized from 14 domains and 114 controls (2013) into 93 controls grouped under the following four themes, 11 of which are new (for example threat intelligence, cloud services security, configuration management, data masking, data leakage prevention, web filtering and secure coding).

  • Organizational controls (37)
  • People controls (8)
  • Physical controls (14)
  • Technological controls (34)

Some of the key features of ISO 27001:2022 include:

Risk-based approach: ISO 27001:2022 is built around risk management. Clause 6.1.2 requires organizations to define and apply an information security risk assessment process that identifies, analyzes and evaluates risks to their information, and clause 6.1.3 requires a risk treatment process that selects appropriate controls, compares them against Annex A, and records the result in a Statement of Applicability. The Annex A controls are a reference set to check against, not a mandatory checklist; controls are justified by the risk assessment.

Context of the organization: Clause 4 requires organizations to understand their internal and external context when establishing and managing their ISMS, including the needs and expectations of relevant interested parties. The 2022 edition adds an explicit requirement to determine which of those interested-party requirements will be addressed through the ISMS.

Leadership and commitment: ISO 27001:2022 (clause 5) places a strong emphasis on leadership and commitment from top management in driving and supporting the ISMS. Top management must demonstrate its commitment to information security and actively participate in the establishment, implementation, maintenance and continual improvement of the system, including approving the information security policy and ensuring the necessary resources are available.

Integration with business processes: The standard requires that the ISMS be integrated into the organization's own processes rather than operated as a separate silo, and that the information security policy and objectives be compatible with the organization's strategic direction (clause 5.1). The 2022 edition also adds clause 6.3, Planning of changes, which requires changes to the ISMS to be carried out in a planned manner.

Continual improvement: ISO 27001:2022 (clause 10) requires organizations to continually improve the suitability, adequacy and effectiveness of the ISMS. In practice this means monitoring, measuring and evaluating performance (clause 9.1), running internal audits (9.2) and management reviews (9.3), and handling nonconformities with corrective action (10.2). The 2022 edition reorders clause 10 so that continual improvement (10.1) comes before nonconformity and corrective action (10.2), but the requirements themselves are unchanged.

Documentation: The standard continues to require specific documented information, including the scope of the ISMS (clause 4.3), the information security policy (5.2), the risk assessment and risk treatment processes and their results (6.1.2, 6.1.3, 8.2, 8.3), the Statement of Applicability, the information security objectives (6.2), evidence of competence, and the results of monitoring, internal audits and management reviews. These requirements are largely carried over from the 2013 edition; the 2022 revision does not substantially increase the volume of mandatory documentation, but organizations transitioning will need to update their Statement of Applicability and control mappings to the restructured Annex A.