ISO management systems

Safely facing the future with the new ISO/IEC 27001


The ISO/IEC 27001 standard for information security and cybersecurity received an update. The large increase in cyberattacks makes this information security management system (ISMS) invaluable for organizations that want to get and keep their information security in order. Because secure information is vital in today's increasingly digital world.

What is ISO/IEC 27001?

ISO/IEC 27001 contains the requirements to establish, implement, maintain and improve an information security management system in your organisation .

To that end, ISO/IEC 27001 uses the security controls from the ISO/IEC 27002 Code of Practice in Appendix A.

What has changed in this new version?

  • Appendix A contained 114 controls in 14 chapters. The restructured 2022 version has 93 checks divided into 4 chapters. Some controls were merged, others are new and may require modification of your existing system.
  • The updated standard is also now in line with the harmonized structure for management system standards.
  • The new ISO/IEC 27001:2022 contains a few more minor changes:
  • The "stakeholders," "scope," "risk treatment" and "operational planning" sections were refined.
  • A chapter on "change management" was added.
  • The "audit program" and "input/output" sections were split.

Transition period for certified companies

Organizations with ISO/IEC 27001 certification will have the opportunity to incorporate the changes and adapt their ISMS accordingly. A transition period of 3 years is provided for this purpose. Thus, the changes will have no impact on their current certification.

Essential for IT

ISO/IEC 27001 has since become the international common language for IT security across all industry sectors. The standard is used for risk management, cyber resilience and operational excellence.

Properly applied, this cybersecurity standard is a roadmap to information security excellence. And thus the foundation for building and managing a secure future.

Want to buy the new standard?

The updated information security standard is available in our e-shop.

ISO/IEC 27001:2022

Want to know more about information security?

We nicely list everything you need to know about ISO/IEC 27001, the international standard for information security, for you.

Read more about ISO/IEC 27001

Thank you for your interest!
The link to the white paper on standards for SMEs has been sent to your email address.
You can also download it immediately below.
Oops! Something went wrong while submitting the form.

Related articles

See all articles
Arrow pointing right