ISO 27001 Changes: New Controls for 2022 | CompliancePoint


Given how rapidly the cybersecurity environment changes, many security standards are updated every few years. That has not been the case with ISO/IEC 27001, a fully risk-based standard designed to provide requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). The current operating version, ISO 27001:2013, is widely used, and certification is accepted in 168 countries worldwide.

Because it is one of the most highly regarded information security standards on the planet, it's somewhat surprising that it hasn't been updated in nearly a decade. But the wait is coming to an end: after delays caused largely by the pandemic, the International Standards Organization (ISO) is expected to release a new version of the ISO/IEC 27001 Standard by the end of 2022.

What is Changing

The critical elements required for certification in the first half of ISO 27001:2013, Clauses 4-10, are not expected to change in the upcoming 2022 version. In February this year, however, the ISO organization released ISO 27002:2022, which replaces its earlier version, ISO 27002:2013.

ISO/IEC 27002 essentially mirrors all…
