Skip to content

The latest on the ISO 27001 standard update

Stay ahead by undertaking the 2022 IS0 27001 training. Let us bring ease to the situation by refreshing your knowledge with this recently updated standard.

Stay ahead by undertaking the 2022 IS0 27001 training. Let us bring ease to the situation by refreshing your knowledge with this recently updated standard.

What’s it all about?

ISO 27001 will help you protect your information in terms of the following principles:

• Confidentiality ensures that information is accessible only to those authorized to have access.

• Integrity safeguards the accuracy and completeness of information and processing methods.

• Availability ensures that authorized users have access to information and associated assets when required.

• Technical protection against computer fraud.

So, what’s the latest about IS0 27001 here in the UK?

With so much of modern business and commerce being carried out digitally, information, data and cyber security must always be high on the list of management concerns. The issue of cyber threats and attacks may have been pushed off the headlines in recent months by energy costs and security

concerns, but the cyber threat has certainly not diminished and may even have grown.

The publication of the latest version of ISO/IEC 27001 reminds us that all companies are increasingly exposed to information security risks. ISO/IEC 27001 is the internationally recognized information security management system (ISMS) standard which helps companies proactively manage and protect their information assets and to manage and mitigate security events. It also helps address regulatory compliance and meet customer requirements.

Significant loss and reputational damage can result from security breaches and cyber-attacks. To avoid this organizations must manage current threats and, and where required, reduce the risks. This will help build stakeholder trust and ensure the risk of financial loss and disruption is minimized. Putting in place a robust, structured framework to identify, manage and mitigate risk will drive continual improvement and strengthen business continuity.

ISO/IEC 27001 is designed to be compatible and harmonized with other recognized ISO management system standards. The last major overhaul of the standard was in 2013. Therefore, it was deemed necessary to bring the standard, including the information security controls as defined in ISO/IEC 27002, up to date with the cyber-attack and data security-breach scenarios that have developed in the interim.

Organizations certified to the current 2013 version of ISO 27001 will have three years to transition to the new version. This means their current ISMS must meet the new requirements before November 2025. For organizations not yet certified, the best course would be to aim for certification against the new standard immediately.

“84% of executives say their organisation has suffered from data theft/loss from a network security incident in the last two years, revealing a worrying overconfidence in the effectiveness of businesses’ protection.” The Economist, 2023.

What are the next steps?

Please get in touch with our dedicated Business Assurance team by emailing uk-support@dnv.com or calling +44 20 3816 6641. We can then put together tailored training that works perfectly for you and your companies needs. There are currently ISO 27001:2022 Transition Training for Auditors courses available here and here.

_________________________________________________________

Please note, from 18 months after the last date of the publication month of ISO/IEC 27001:2022, initial audits and recertifications only to ISO/IEC 27001:2022 (which means from 30 April 2024).