
Why do we Need an Update to ISO 27001?

27 October 2022
The highly anticipated update to ISO 27001 is finally here! ISO 27001:2022 arrived at the end of October with a number of interesting revisions.

The world has changed significantly since 2013; horse meat found in burgers, Andy Murray winning Wimbledon and the birth of a future king were just a few items in the news when ISO 27001 last had a significant rewrite.

The world of information security has changed too, with a massive increase in the amount of data being processed, and the value of that data drawing a target onto the back of any company that holds it - and in 2022, who doesn’t?

The change of the title to 'Information security, cyber security and privacy protection – Information security management systems – Requirements' is noteworthy as this indicates an increase in focus toward cyber and privacy and a more holistic look at a company’s security posture.

However, as with everything, balance is key. ISO 27001 encourages a business to really understand the why, who, what, where, when and how of security in the context of their business, developing an Information Security Management System (ISMS) that works now and into the future.

ISO 27001:2022 fits perfectly into all sizes of enterprise and deals with the implications of security in the modern world. It’s a risk-based standard of best practice security.

Companies with more mature security postures will notice a similarity to some well-known methodologies and frameworks while newer businesses will be introduced to some of these ideas, bolstering their defences and creating a more secure environment for all in the process.

Exploiting modern, lean supply chains is one of the most common attack vectors leveraged by threat actors today. Infiltrating the less secure elements of a supply chain allows an attacker to abuse trusted connections, leading them to where the data they really want is held.

ISO 27001:2022 gives businesses confidence that they are solidifying their security by partnering with those that hold certification, whilst suppliers can confidently demonstrate that they are not going to be the weakest link in the supply chain.

We will be publishing more detail about the changes soon. To be the first to hear about them, sign up to our regular newsletter, InTouch.

Author - James Keenan, NQA Information Security Assurance Manager