ISO\/IEC 27001 is an information security management system<\/strong> (ISMS)<\/strong> standard that was first released in 2005. It provides a framework for organizations to manage and protect their digital assets. The standard was revised in 2013 and again in 2022, with the most recent update in October.<\/p>\n The new version, ISO\/IEC 27001:2022, is intended to help organizations respond to the ever-growing threat of cybersecurity<\/strong> and privacy incidents<\/strong>. It includes new requirements for risk management, incident response, data protection, and more.<\/p>\n If you’re looking to improve your organization’s information security posture, ISO\/IEC 27001:2022 is a good standard to consider.<\/p>\n An ISMS is a set of policies and procedures that helps an organization protect its sensitive data from unauthorized access, use, disclosure, or destruction by identifying and mitigating risks<\/strong>. For the more curious readers, we have published a white paper<\/a> on cyber governance!<\/p>\n You may be wondering why this is important. Well, consider the fact that we now live in a digital world where almost everything we do is online. We bank online, we shop online, we socialize online. We even vote online. And as more and more of our lives move online, the need for robust information security becomes more and more critical.<\/p>\n That’s where ISO\/IEC 27001 comes in. By implementing an ISMS based on this standard, organizations can protect their data<\/strong> from cyberattacks and data breaches, which can have devastating consequences for both individuals and businesses.<\/p>\n So what’s new in ISO\/IEC 27001:2022<\/p>\n Well, for starters, the title has changed to reflect the fact that information security, cybersecurity and privacy protection are all vitally important in today’s digital world. The standard has also been updated to reflect the latest technologies and threats<\/strong>.<\/p>\n 1 New clause<\/strong><\/p>\n \u201cWhen the organization determines the need for changes to the\u00a0information security management system, the changes shall be carried out in a planned manner.\u201d<\/p>\n 5 New sub clauses<\/strong><\/p>\n \u201cThe organization shall conduct internal audits at planned intervals to provide information on whether the information security management system: a) conforms to 1) the organization\u2019s own requirements for its information security management system; 2) the requirements of this document; b) is effectively implemented and maintained.\u201d<\/p>\n \u201cThe organization shall plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting. When establishing the internal audit programme(s), the organization shall consider the importance of the processes concerned and the results of previous audits. The organization shall: a) define the audit criteria and scope for each audit; b) select auditors and conduct audits that ensure objectivity and the impartiality of the audit process; c) ensure that the results of the audits are reported to relevant management;<\/p>\n \u2192 Instead of a single clause, the elements have been divided into 3 sub clauses for enhanced clarity.<\/p>\n 2 clauses has swapped<\/strong><\/p>\n \u2192 The clauses remain the same but the number has changed. 10.1 become 10.2 and vice versa<\/p>\n The biggest change is ISO\/IEC 27001:2022 Clause Annex A (normative) Information security controls reference \u2192 ISO 27002: 2022<\/a> new version<\/p>\n So, what are the benefits of implementing ISO\/IEC 27001:2022?<\/p>\n Well, more than a compliance exercise, it can help you build trust with your customers and stakeholders<\/strong>. By proving that you have a robust information security management system in place, you’re telling them that their data is safe with you.<\/p>\n It can also help you stay ahead<\/strong> of the curve<\/strong> when it comes to cybersecurity and privacy protection. With ever-evolving threats, it’s crucial that your organization has a framework in place that can adapt to these changes.<\/p>\n ISO\/IEC 27001:2022 is also one of the best ways to become compliant<\/strong> with the General Data Protection Regulation (GDPR<\/strong>) and New Federal Act on Data Protection (nFADP<\/strong>) in Switzerland. So if your organization is looking to become GDPR-compliant, then this is the framework for you!<\/p>\n The best way to get started with ISO\/IEC 27001:2022 is to partner with an experienced and qualified consultant. They can help you every step of the way, from developing a comprehensive security policy to implementing the required technical controls.<\/p>\n But don’t take our word for it. You can buy the standard yourself and read it. Here are some tips from the International Organization for Standardization (ISO) on how to get started:<\/p>\n The new ISO\/IEC 27001:2022 is a revamped version of the original standard that takes into account the latest advances in technology and security threats. It\u2019s just an evolution with very few changes. It is important to note that the standard is not just for large companies \u2013 any business can benefit from using it<\/strong>.<\/p>\n We provide an easy-to-implement ISO27001 cockpit<\/strong> that will allow you to continuously monitor and optimize your cyber risk management<\/strong>. This dedicated cockpit will help you achieve greater performance and meet certification objectives. Contact us<\/a> to learn more about how we can help you get started!<\/p>\n A new and Improved version of ISO\/IEC 27001 to enforce digital trust You may have heard of the international standard ISO\/IEC 27001, but what is … <\/p>\nWhy ISO\/IEC 27001 Is Important?<\/h2>\n
What has changed in the New version of ISO\/IEC 27001:2022?<\/h2>\n
Summary of the main ISO27001 changes:<\/h3>\n
\n
\n
\n
\n
\n
What Are the Benefits of Implementing ISO\/IEC 27001:2022?<\/h2>\n
How Can Organizations Get Started With Implementing ISO\/IEC 27001:2022?<\/h2>\n
\n
![\"ISO27001\"](\"https:\/\/www.smartcockpit.ch\/wp-content\/uploads\/2022\/11\/Copie-de-ISO27001-600x600.png\")
<\/p>\n","protected":false},"excerpt":{"rendered":"