How migration to ISO 27001:2022 promotes better business outcomes

The release of the updated version, ISO 27001:2022, brings significant changes that demand attention and understanding. Compared with the previous edition issued in 2013, the standard's information security focus has expanded to include cybersecurity and privacy criteria, and Annex A has been restructured from 114 controls in 14 domains into 93 controls under four themes (organizational, people, physical and technological), with 11 new controls. Here we explore the changes in ISO 27001:2022 and highlight key considerations for a successful transition.


1. Strengthened Risk Management

Information security risk management has always been the backbone of a healthy Information Security Management System (ISMS). The previous standard already established compliance through the identification of assets, their associated risks, risk owners and treatment plans; the new standard keeps that model but expects risks to be stated explicitly against assets and processes, with named risk owners accountable for treatment. Because Annex A has been reorganized into four themes with merged and new controls, existing risk treatment plans and the Statement of Applicability must also be re-mapped to the 2022 control set rather than carried over unchanged.

2. Context and Leadership

In terms of context and leadership, it was previously sufficient during implementation to determine the relevant ISMS interested parties and their information security requirements (legal, regulatory and/or contractual). With the current changes, clause 4.2 also requires the organization to determine which of those requirements will be addressed through the ISMS. This level of depth forces companies to make the involvement of interested parties explicit throughout the ISMS and to remain accountable to the board or governing body responsible for information security governance.

3. Heightened Focus on Supply Chain Security 

Previous versions of the standard already addressed supplier relationships, but the new version requires organizations to assess and manage the risks associated with their suppliers and partners more explicitly, and adds a dedicated control for information security in the use of cloud services. Robust processes must be in place to assess the security posture of third-party entities and to ensure compliance with appropriate security controls, such as supplier classification, periodic evaluations, and improvement of service agreements in order to strengthen their information security characteristics.

4. Streamlined Documentation and Communication

The new standard introduces more specific requirements for documentation and communication within the ISMS. Previously, much of this could be handled informally through the person in charge. Now, monitoring of information security objectives, planning of changes to the ISMS, communication, and monitoring of the health status of the ISMS must be explicitly documented and made available to the parties involved.

This new requirement is potentially a significant improvement over the previous version, as many organizations were losing traceability of roles and of internal compliance with the information security policies in place.

How MAKINSIGHTS can help 

At MAKINSIGHTS, we have seasoned professionals that have helped several organizations leverage ISO 27001/27002 as a cornerstone of their information security strategy while identifying key areas for improvement, prioritizing distinct service improvement efforts, and developing a comprehensive plan.  

Our team of certified experts can assist your organization in understanding the changes to ISO 27001/27002 and in implementing effective methods to embrace the new requirements. Please feel welcome to book a consultation with us via ideas@makinsights.com or through Calendly at <https://calendly.com/makinsights/30min>.
