Revision to ISO 27002:2022 and what it means for ISO 27001 certified Organisations

The typical lifespan of an ISO standard is five years. In 2018, it was decided that ISO 27002:2013 should be revised. The new version of ISO 27002 was released in February 2022 (ISO 27002:2022).

What's New in ISO 27002:2022?

ISO 27002:2013 contained 114 controls, divided over 14 chapters. This has been restructured: the 2022 version contains 93 controls, divided over 4 chapters:

5. Organizational (37 controls)

6. People (8 controls)

7. Physical (14 controls)

8. Technological (34 controls)


New Controls in ISO 27002:2022 (11 Controls)

1. Threat Intelligence

2. Information Security for use of cloud services

3. ICT readiness for business continuity

4. Physical Security Monitoring

5. Configuration Management

6. Information Deletion

7. Data Masking

8. Data Leakage Prevention

9. Monitoring Activities

10. Web Filtering

11. Secure Coding


Does my ISMS need to be updated?

Not immediately. As ISO 27002 is just a code of practice, it is not possible to certify against it. ISO 27001 needs to be updated accordingly. The newer version of ISO 27001 is planned to be released in October 2022.

When that happens, you can remain certified against the current version of ISO 27001. You will most likely need to update your ISMS before the next certification cycle.
